    Bug 7550: [QA Follow-up] Resolve param warning from sco-patron-image · e96f39ab
    Marcel de Rooy authored
    Resolve this warning:
      CGI::param called in list context from package C4::Service line 212, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
    It comes from the require_params call in sco-patron-image.pl.
    Git grepping on require_params tells me this:
      members/default_messageprefs.pl:my ($categorycode) = C4::Service->require_params('categorycode');
      opac/sco/sco-patron-image.pl:my ($borrowernumber) = C4::Service->require_params('borrowernumber');
      opac/sco/sco-patron-image.pl:my ($csrf_token) = C4::Service->require_params('csrf_token');
      svc/cataloguing/metasearch:my ( $query_string, $servers ) = C4::Service->require_params( 'q', 'servers' );
    The only candidate for multi_param seems to be 'servers', but as we can see
    this variable is a scalar. Additional servers returned by require_params are
    lost. This should be solved on its own report.
    So, we can safely add scalar to the params call, resolve the warning and
    keep the same behavior.
    Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
    Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
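
The list-context behaviour that the CGI.pm warning refers to, shown as an added example that is not Koha's code and not part of this commit. `require_params_list` and `require_params_scalar` are hypothetical helpers written for illustration, and the query string is constructed.

```perl
use strict;
use warnings;
use CGI;

# Constructed request in which both parameters are repeated.
my $query = CGI->new('q=first&q=second&servers=s1&servers=s2');

# Hypothetical helper, list-context form: param() returns every value of
# each name, so the returned list can be longer than the list of names.
sub require_params_list {
    my @names = @_;
    my @values;
    push @values, $query->param($_) for @names;    # CGI.pm warns about this call
    return @values;
}

# Hypothetical helper, scalar form: exactly one value (the first) per name,
# so each returned position always corresponds to the requested name.
sub require_params_scalar {
    my @names = @_;
    my @values;
    push @values, scalar $query->param($_) for @names;
    return @values;
}

# With the list-context form, the extra 'q' value shifts into the slot
# the caller believes belongs to 'servers'.
my ( $q_list, $servers_list ) = require_params_list( 'q', 'servers' );
print "list context:   q=$q_list servers=$servers_list\n";

# With the scalar form, each variable receives the first value of its own name.
my ( $q_scalar, $servers_scalar ) = require_params_scalar( 'q', 'servers' );
print "scalar context: q=$q_scalar servers=$servers_scalar\n";

# When every value of a parameter is wanted, request them explicitly with
# multi_param() and keep them in an array.
my @all_servers = $query->multi_param('servers');
print "multi_param:    servers=@all_servers\n";
```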
Service.pm 7.52 KB