http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9735
Galen Charlton <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Failed QA CC| |[email protected] --- Comment #5 from Galen Charlton <[email protected]> --- Reading the code, I see an issue with how the arrayref of cookies is managed. Specifically, consider this scenario: [1] OPAC user starts using the catalog anonymously and builds up some recent searches. [2] OPAC user decides to log in. As it happens, the OPAC has been customized so that the login form permits the user to set their preferred language via the new language parameter. If you trace through the code, it looks like the cookie structure that gets returned in that case would be something like this: [ [ $original_session_cookie, $search_cookie ], $languagecookie ] When this arrayref-inside-arrayref structure is passed to CGI's header method, some testing I did shows that CGI.pm doesn't flatten the list, so the header returned would look like this: Status: 200 OK Set-Cookie: ARRAY(0x222ad48) Set-Cookie: (language cookie) Date: Wed, 05 Jun 2013 16:07:59 GMT Pragma: no-cache Cache-control: no-cache Content-Type: text/html; charset=UTF-8 The end result is that the login would fail. I admit that this example is a little contrived, but it's not beyond the realm of possibility that somebody would want to do this. Consequently, I'm setting this to Failed QA. Please follow up by adjusting the code to ensure that if multiple cookies are set by get_template_and_user(), they all come back as a flat arrayref, not a nested on. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
