[Koha-bugs] [Bug 38189] New: Odd number of elements in anonymous hash when calling cookie

Wed, 16 Oct 2024 23:21:35 -0700 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38189

            Bug ID: 38189
           Summary: Odd number of elements in anonymous hash when calling
                    cookie
 Change sponsored?: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]

Found this warn in moremember on 22.11 (no longer in master):
[2024/10/16 09:57:01] [WARN] Odd number of elements in anonymous hash at
/usr/share/koha/members/moremember.pl line 127.
Coming from:
$template->param(     csrf_token => Koha::Token->new->generate_csrf({
session_id => $input->cookie('CGISESSID'),}),   );

Note that CGI::cookie may return an empty list!
From CGI code:
    return () unless $self->{'.cookies'}->{$name};

So we should put a scalar in front of this call to cookie.

But the problem is wider looking at this grep:
git grep -P "CGISESSID['\"]\),"

C4/Auth.pm:                        $in->{query}->cookie("CGISESSID"),
=> From:
                    $sth->execute( $borrowernumber,
                        $in->{query}->cookie("CGISESSID"),
Note that if there would be no cookie, the parameter order will be wrong.

[OK] C4/Output.pm:                    session_id => scalar
$query->cookie('CGISESSID'),
acqui/check_uniqueness.pl:    check_cookie_auth( $input->cookie('CGISESSID'), {
catalogue => 1 } );
=> Wrong. No cookie: wrong order. Etc.

authorities/authorities-home.pl:                sessionid =>
$query->cookie("CGISESSID"),
authorities/ysearch.pl:my ( $auth_status) = check_cookie_auth(
$query->cookie('CGISESSID'), { catalogue => 1 } );
catalogue/image.pl:    check_cookie_auth( $input->cookie('CGISESSID'), {
catalogue => 1 } );
catalogue/search-history.pl:        sessionid => $cgi->cookie("CGISESSID"),
catalogue/search.pl:                    sessionid => $cgi->cookie("CGISESSID"),
cataloguing/plugin_launcher.pl:    check_cookie_auth(
$input->cookie('CGISESSID'), { catalogue => 1 } );
cataloguing/ysearch.pl:my ( $auth_status ) = check_cookie_auth(
$input->cookie('CGISESSID'), { editcatalogue => '*' } );
labels/label-create-csv.pl:    check_cookie_auth( $cgi->cookie('CGISESSID'), {
catalogue => 1 } );
labels/label-create-xml.pl:    check_cookie_auth( $cgi->cookie('CGISESSID'), {
catalogue => 1 } );
members/two_factor_auth.pl:        session_id => scalar
$cgi->cookie('CGISESSID'),
opac/opac-authorities-home.pl:                    sessionid =>
$query->cookie("CGISESSID"),
opac/opac-search-history.pl:            sessionid => $cgi->cookie("CGISESSID"),
opac/opac-search.pl:                            sessionid  =>
$cgi->cookie("CGISESSID"),
opac/svc/checkout_notes:my ( $auth_status ) = check_cookie_auth(
$query->cookie('CGISESSID'), {} );
plugins/plugins-enable.pl:my ( $auth_status ) = check_cookie_auth(
$input->cookie('CGISESSID'), { plugins => 'manage' } );
serials/create-numberpattern.pl:my ($auth_status) =
check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
serials/lateissues-export.pl:    check_cookie_auth(
$query->cookie('CGISESSID'), { catalogue => 1 } );
serials/subscription-frequency.pl:my ($auth_status) =
check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
serials/subscription-numberpattern.pl:my ($auth_status) =
check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
svc/article_request:  check_cookie_auth( $cgi->cookie('CGISESSID'), { circulate
=> 'circulate_remaining_permissions' } );
svc/barcode:my ( $auth_status ) = check_cookie_auth(
$input->cookie('CGISESSID'), { catalogue => '*' } );
svc/cataloguing/automatic_linker.pl:  C4::Auth::check_cookie_auth(
$input->cookie('CGISESSID'), {
svc/checkin:  check_cookie_auth( $input->cookie('CGISESSID'),
svc/checkout_notes:my ( $auth_status ) = check_cookie_auth(
$query->cookie('CGISESSID'), { circulate => 'manage_checkout_notes' } );
svc/club/cancel_enrollment:  check_cookie_auth( $cgi->cookie('CGISESSID'), {
clubs => 'enroll' } );
svc/club/delete:my ( $auth_status ) = check_cookie_auth(
$cgi->cookie('CGISESSID'), { clubs => 'edit_clubs' } );
svc/club/enroll:    check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs =>
'enroll' } );
svc/club/template/delete:my ( $auth_status ) = check_cookie_auth(
$cgi->cookie('CGISESSID'), { clubs => 'edit_templates' } );
svc/cover_images:            $input->cookie('CGISESSID'),
svc/creator_batches:my ( $auth_status ) = check_cookie_auth(
$cgi->cookie('CGISESSID'), { catalogue => 1 } );
svc/holds:  check_cookie_auth( $input->cookie('CGISESSID'),
svc/mana/increment:  check_cookie_auth( $input->cookie('CGISESSID'),
svc/mana/share:  check_cookie_auth( $input->cookie('CGISESSID'),
svc/mana/use:  check_cookie_auth( $input->cookie('CGISESSID'),
svc/members/add_to_list:    $input->cookie('CGISESSID'),
svc/problem_reports:my ( $auth_status ) = check_cookie_auth(
$query->cookie('CGISESSID'), { problem_reports => 1 } );
svc/recall:my ( $auth_status, $sessionID ) = check_cookie_auth(
$input->cookie('CGISESSID'), { recall => 'manage_recalls' } );
svc/renew:  check_cookie_auth( $input->cookie('CGISESSID'),
tools/batch_records_ajax.pl:  check_cookie_auth( $input->cookie('CGISESSID'), {
tools => 'manage_staged_marc' } );

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

Reply via email to