https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20804
Bug ID: 20804
Summary: Sanitize input of timeout syspref
Change sponsored?: ---
Product: Koha
Version: 17.11
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5 - low
Component: System Administration
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
I naively change timeout syspref from default "1d" to "2h". I get logout
immediatly, and after login again, at the first clic I was logged out again,
with any user, even with koha_instance.
plack-error.log
Use of uninitialized value $lasttime in numeric lt (<) at
/usr/share/koha/lib/C4/Auth.pm line 1425.
Argument "2h" isn't numeric in subtraction (-) at
/usr/share/koha/lib/C4/Auth.pm line 1425.
Argument "2h" isn't numeric in subtraction (-) at
/usr/share/koha/lib/C4/Auth.pm line 862.
I was back again with via sql update (value='1d') and flushing memcached.
I suggest:
- Don't been possible to input an invalid input on timeout (well, on any, but
for the moment on this one). m/^[0-9]*[dD]?$/
- This syspref (maybe others also) shouldn't apply to koha_instance user (God
shouldn't be able to microwave a burrito so hot he himself couldn't eat it).
Would be great 30m and 2h for minutes and hours, but that should be other bug.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
