[Koha-devel] Using unsanitized data in regular expressions

Katrin Fischer katrin.fischer.83 at web.de
Thu Mar 7 20:40:07 CET 2019


Hi Victor,

did you see

Bug 22462 <https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22462> -
Crash in patron card printing?

Katrin

On 07.03.19 11:22, Victor Grousset wrote:
>
>
> On 19-03-07 06:43, David Cook wrote:
>> This one is problematic because its inability to work can cause
>> infinite loops which can bring down web servers or potentially even
>> entire servers.
>> C4/Patroncards/Patroncard.pm:                $line =~ s/$1//;
>
> Indeed, because the process won't time out and it will take one Starman
> worker forever (when it's used)
>
>
>> I'm just thinking that maybe we should be more careful with what
>> we're feeding into regular expressions.
>>
>> (Although the infinite loop is actually indicative of other problems
>> with C4/Patroncards/Patroncard.pm...)
>
> There might be a linked issue in the label creator.
> A colleague of mine triggered an infinite loop when creating a label by
> setting "Lower left X coordinate" to 100.
> We hope to soon retry to reproduce it and create a Bugzilla about this.
>
> Cheers,
>
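The example below is added here and is not Koha's code nor anything posted in this thread; it only reproduces the shape of the `$line =~ s/$1//;` construct David Cook points at. `wrap_line` is a hypothetical word-wrapping loop of the kind a card or label layout routine runs: it captures the longest whitespace-bounded prefix of a line and then asks a helper to delete that prefix. `remove_unsafe` interpolates the captured text straight into a substitution pattern; `remove_safe` wraps it in `\Q...\E` (quotemeta) and anchors it. The two inputs are constructed: one contains `+`, so the unsafe pattern never matches its own source text and the loop makes no progress (the iteration cap in the example is there only so the demo terminates instead of tying up the process); the other contains an unbalanced `(`, so the unsafe pattern fails to compile and the call dies.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Wrap $line to at most $width characters by repeatedly cutting the longest
# whitespace-bounded prefix off the front. $remove is a coderef that deletes
# the captured prefix from the line; the two helpers below differ only in
# whether that prefix is used as a regular expression or as literal text.
sub wrap_line {
    my ($line, $width, $remove) = @_;
    my @out;
    # Each honest iteration removes at least one character, so a correct
    # remover can never need more than length($line) iterations. The cap
    # exists only so the unsafe variant aborts instead of spinning forever.
    my $max_iter = 2 * length($line) + 1;
    my $guard    = 0;
    while ( length($line) > $width ) {
        die "no progress after $guard iterations (prefix never removed)\n"
            if ++$guard > $max_iter;
        if ( $line =~ m/^(.{1,$width})\s/ ) {
            my $chunk = $1;    # captured text comes straight from the input
            push @out, $chunk;
            $line = $remove->( $line, $chunk );
            $line =~ s/^\s+//; # drop the separator we broke on
        }
        else {
            # no whitespace inside the window: hard-break at $width
            push @out, substr( $line, 0, $width );
            $line = substr( $line, $width );
        }
    }
    push @out, $line if length $line;
    return @out;
}

# UNSAFE: the captured text is interpolated as a pattern, so '+', '*', '(' and
# friends in user data change or break the regex. Same shape as $line =~ s/$1//;
# (An empty $chunk would be worse still: s/// with an empty pattern reuses the
# last successful pattern. It cannot happen here because of .{1,$width}.)
sub remove_unsafe {
    my ( $line, $chunk ) = @_;
    $line =~ s/$chunk//;
    return $line;
}

# SAFE: \Q...\E applies quotemeta, so every character of $chunk is literal, and
# the ^ anchor guarantees the deletion happens at the front, not elsewhere.
sub remove_safe {
    my ( $line, $chunk ) = @_;
    $line =~ s/^\Q$chunk\E//;
    return $line;
}

# Constructed inputs: metacharacters a patron's phone number or name could contain.
my %samples = (
    'no progress' => 'Tel: +33 1 23 45',   # /Tel: +33 1/ never matches "Tel: +33 1"
    'regex dies'  => 'Jane (Doe Smith',    # /Jane (Doe/ is an unbalanced group
);

for my $name ( sort keys %samples ) {
    my $text = $samples{$name};

    my @safe = wrap_line( $text, 10, \&remove_safe );
    print "[$name] safe:   ", join( ' | ', @safe ), "\n";

    my @unsafe = eval { wrap_line( $text, 10, \&remove_unsafe ) };
    if ($@) {
        chomp( my $err = $@ );
        print "[$name] unsafe: aborted: $err\n";
    }
    else {
        print "[$name] unsafe: ", join( ' | ', @unsafe ), "\n";
    }
}
```

Run as a plain script. With the safe remover both inputs wrap cleanly ("Tel: +33 1 | 23 45" and "Jane (Doe | Smith"); with the unsafe one the first input hits the iteration cap and the second dies with Perl's "Unmatched ( in regex" error, which are the hang and the crash discussed above. Where the text to delete is always at a known position, `substr($line, 0, length $chunk, '')` removes it without involving the regex engine at all, and any loop whose exit depends on user-controlled data should check that it actually made progress rather than trust the substitution to have done its job.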

