[Koha-bugs] [Bug 28489] New: CGI::Session is incorrectly serialized to DB in production env / when strict_sql_modes = 0

Mon, 31 May 2021 01:15:40 -0700 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28489

            Bug ID: 28489
           Summary: CGI::Session is incorrectly serialized to DB in
                    production env / when strict_sql_modes = 0
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5 - low
         Component: Authentication
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected], [email protected],
                    [email protected],
                    [email protected]
        Depends on: 28317

The changes introduced in bug 28317 regarding CGI::Sessions serialization works
OK with koha-testing-docker where KOHA_TESTING env and "strict_sql_modes"
koha-conf.xml config is set to True. However, according to our documentation
strict_sql_modes it should not be used in production environment. If it is
disabled then the CGI::Session serialization encoding breaks.

To reproduce:

1) Set strict_sql_modes = 1 in koha-conf.xml (depending on your test
environment variables you might also just wanna uncomment the relevant code in
Koha/Database.pm)
2) Create branch with a display name "Testä" and switch to that branch in
intranet. 
3) Go to some page in intranet and notice the branch is displayed incorrectly
in the menu

Alternatively this can cause major trouble if for example a branchcode contains
non-ascii letters, e.g. Ä. Then for example on returns.pl we get following
error (and I think lots of other things break as well):

> Broken FK constraint at /usr/share/perl5/Exception/Class/Base.pm line 88


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28317
[Bug 28317] Remove CGI::Session::Serialize::yaml dependency by using the
default serializer
-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to