https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38092
Bug ID: 38092
Summary: members/files, acqui/invoice-files: Could create memory issues, handling larger files
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Triggered by looking at bug 37365, I notice that members/files does read the
contents of a file into a variable before uploading it.
    while (<$uploaded_file>) {
        $file_content .= $_;
    }
This is passed to Koha/Patron/Files, sub AddFile, which does a direct SQL
INSERT into borrower_files without checking size etc.
Note that we also have Koha/Misc/Files.pm which also has a similar sub AddFile
and contains code to insert file contents into table misc_files. Seems to be
used in ACQ context only.
So we have the same kind of problem in acqui/invoice-files.pl:
    my $file_content = do { local $/; <$uploaded_file>; };
No checks either.
The scope of this problem is somehow reduced by the fact that we luckily have
no OPAC counterparts for those actions.
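A size-capped chunked read that could stand in for the two slurp patterns quoted in the report, shown as an added example and not as Koha's code. The sub name `read_upload_capped` and the 1 MiB `MAX_UPLOAD_BYTES` limit are hypothetical, and in-memory filehandles stand in for the CGI upload handle.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical limit; the bug report does not name one.
use constant MAX_UPLOAD_BYTES => 1024 * 1024;

# Read at most $max_bytes from $fh in fixed-size chunks.
# Returns the content, or undef as soon as the limit would be exceeded,
# so memory use stays bounded by roughly $max_bytes plus one chunk.
sub read_upload_capped {
    my ( $fh, $max_bytes ) = @_;
    binmode $fh;
    my $content    = '';
    my $chunk_size = 64 * 1024;
    while (1) {
        my $n = read( $fh, my $buf, $chunk_size );
        die "read failed: $!" unless defined $n;
        last if $n == 0;    # end of file
        return if length($content) + $n > $max_bytes;
        $content .= $buf;
    }
    return $content;
}

# Constructed sample inputs: one upload under the limit, one just over it.
my $small = 'x' x 1000;
my $large = 'x' x ( MAX_UPLOAD_BYTES + 1 );

for my $case ( [ small => \$small ], [ large => \$large ] ) {
    my ( $name, $ref ) = @$case;
    open( my $fh, '<', $ref ) or die "open: $!";
    my $content = read_upload_capped( $fh, MAX_UPLOAD_BYTES );
    close $fh;
    if ( defined $content ) {
        # Only at this point would the content be handed to an AddFile-style insert.
        printf "%s: accepted %d bytes\n", $name, length $content;
    }
    else {
        printf "%s: rejected, larger than %d bytes\n", $name, MAX_UPLOAD_BYTES;
    }
}
```

The check runs before each append, so an oversized upload is rejected without ever holding more than the limit in `$content`.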