[Koha-devel] Too warning in Koha log " ... CGI::param called in list context from package main ..."
Jonathan Druart
jonathan.druart at bugs.koha-community.org
Fri Feb 12 12:54:36 CET 2016
I have suggested a global solution on bug 15809, please have a look.
See bug 14076 for a POC.
2016-02-11 8:35 GMT+00:00 Zeno Tajoli <z.tajoli at cineca.it>:
> Hi to all,
>
> I have find a too high numbers of lines in Koha errors logs.
> All lines have:
> ... CGI::param called in list context from package main line xxx this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
>
> I use Debian Jessie with Koha 3.20.7. CGI.pm version is 4.09, the jessie version: https://packages.debian.org/jessie/libcgi-pm-perl
>
> Reading this one: http://www.perlmonks.org/?node_id=1105164
> and seeing this bugzilla: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14076
>
> I go to /usr/share/perl5/CGI.pm, line 28 and I change
>
> $LIST_CONTEXT_WARN = 1;
> into
> $LIST_CONTEXT_WARN = 0;
>
> Now no more warings in error logs.
> But I don't know:
> 1)Is present a better way that change a core lib code ?
> 2)What do we do about "CGI::param called in list context ... can lead to vulnerabilities" ?
>
>
> Bye
> Zeno Tajoli
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
More information about the Koha-devel
mailing list