| commit | e05e8762ad34cf4cc5b6aa1754f99dc6cf3468bf | |
| author | Aleisha Amohia <aleishaamohia@hotmail.com> | |
| Tue, 5 Sep 2017 22:38:12 +0000 (5 22:38 +0000) | ||
| committer | Fridolin Somers <fridolin.somers@biblibre.com> | |
| Tue, 10 Oct 2017 10:00:11 +0000 (10 12:00 +0200) | ||
| tree | d482f42c4a013856df1557082535c6cb8102b1fa | treesnapshot (tar.gz zip) |
| parent | e1905b08362472ed94dac09d6f9ff2163b5ddf7a | commitdiff |
Bug 19258: Preventing warns when paying a fine or charge from Pay selected button
The following warns are triggered when I click the Pay selected button:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.
To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ddf494b18f6c422d3654b0a78a63be86f5356065)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
The following warns are triggered when I click the Pay selected button:
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.
To test:
1) Go to a members detail page in staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone
Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit ddf494b18f6c422d3654b0a78a63be86f5356065)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
| members/pay.pl | diffblobblamehistory |