[Koha-devel] Using unsanitized data in regular expressions
Victor Grousset
victor.grousset at biblibre.com
Thu Mar 7 11:22:51 CET 2019
On 19-03-07 06:43, David Cook wrote:
> This one is problematic because its inability to work can cause infinite loops which can bring down web servers or potentially even entire servers.
> C4/Patroncards/Patroncard.pm: $line =~ s/$1//;
Indeed, because the process won't timeout and it will take one Starman
worker forever (when it's used)
> I'm just thinking that maybe we should be more careful with what we're feeding into regular expressions.
>
> (Although the infinite loop is actually indicative of other problems with C4/Patroncards/Patroncard.pm...)
There might be a linked issue in the label creator.
A colleague of mine triggered an infinite loop when creating a label by
setting "Lower left X coordinate" to 100.
We hope to soon retry to reproduce and create a bugzilla about this.
Cheers,
--
Victor Grousset, dev support/maintenance
BibLibre, Services en logiciels libres pour les bibliothèques
BibLibre, Libre/Open Source software and services for libraries
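A constructed Perl illustration of the failure mode discussed above (added here; a hypothetical placeholder stripper, not Koha's own C4/Patroncards/Patroncard.pm code): interpolating captured text straight into `s/$1//` treats it as a pattern, so a capture containing regex metacharacters either throws (unbalanced parentheses), removes the wrong text, or never matches at all, and a surrounding loop that expects the text to disappear then never terminates. `\Q...\E` (quotemeta) makes the capture literal.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (NOT Koha code): remove every "<...>" placeholder
# from a line, one at a time. The capture is interpolated into s/// as a
# regular expression, which is the unsafe construct under discussion.
# $max_iterations is a demo-only guard so this script finishes; the real
# construct would spin forever and pin a worker.
sub strip_placeholders_unsafe {
    my ($line, $max_iterations) = @_;
    my $iterations = 0;
    while ($line =~ /(<[^>]*>)/) {
        return (undef, $iterations) if ++$iterations > $max_iterations;
        $line =~ s/$1//;   # "$1" is compiled as a pattern, not matched literally
    }
    return ($line, $iterations);
}

# Hardened form: copy the capture (the next match would clobber $1) and
# escape it with \Q...\E so every metacharacter is matched literally.
sub strip_placeholders_safe {
    my ($line) = @_;
    while ($line =~ /(<[^>]*>)/) {
        my $token = $1;
        $line =~ s/\Q$token\E//;
    }
    return $line;
}

# Constructed sample line. "<$patron>" compiles to the pattern <$patron>,
# where "$" is an end-of-string anchor, so s/$1// can never match it.
my $input = 'Card for <$patron> printed <2019-03-07>';

my ($out, $n) = strip_placeholders_unsafe($input, 1000);
print defined $out
    ? "unsafe: '$out'\n"
    : "unsafe: gave up after $n iterations (would loop forever)\n";
print "safe:   '", strip_placeholders_safe($input), "'\n";
```

Running it prints the "gave up" line for the unsafe version and `safe:   'Card for  printed '` for the hardened one; the same guard idea (an iteration cap or a timeout) is also the cheap way to keep such a loop from holding a worker indefinitely.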