[Koha-devel] Too warning in Koha log " ... CGI::param called in list context from package main ..."
Zeno Tajoli
z.tajoli at cineca.it
Thu Feb 11 09:35:20 CET 2016
Hi to all,
I have find a too high numbers of lines in Koha errors logs.
All lines have:
... CGI::param called in list context from package main line xxx this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
I use Debian Jessie with Koha 3.20.7. CGI.pm version is 4.09, the jessie version: https://packages.debian.org/jessie/libcgi-pm-perl
Reading this one: http://www.perlmonks.org/?node_id=1105164
and seeing this bugzilla: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14076
I go to /usr/share/perl5/CGI.pm, line 28 and I change
$LIST_CONTEXT_WARN = 1;
into
$LIST_CONTEXT_WARN = 0;
Now no more warings in error logs.
But I don't know:
1)Is present a better way that change a core lib code ?
2)What do we do about "CGI::param called in list context ... can lead to vulnerabilities" ?
Bye
Zeno Tajoli
More information about the Koha-devel
mailing list