https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21115
--- Comment #1 from Marcel de Rooy <m.de.r...@rijksmuseum.nl> --- Created attachment 77256 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77256&action=edit Bug 21115: Add multi_param call and add divider in cache key in svc/report and opac counterpart Resolve things like: CGI::param called in list context from package CGI::Compile::ROOT::usr_share_koha_prodclone_opac_svc_report line 42, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436. The cache key in both script looks like: opac:report:id:602018 but should for consistency be: opac:report:id:60:2018 Note: The 2018 here is part of the sql_params and should not be concatenated to the report id. Test plan: Do not yet apply this patch. Make a report public, set cache to 300 secs. Check its output with opac/svc/report. Check for the warn in your log. Apply the patch, restart Plack and flush cache. Check opac/svc/report. Modify your report; e.g. add a simple string to the SELECT. Check opac/svc/report. You should still see cached output. Flush the cache. Check opac/svc/report. You should now see the added text. Signed-off-by: Marcel de Rooy <m.de.r...@rijksmuseum.nl> Tested also by clearing individual keys with $cache->clear_from_cache. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/