https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15809
Galen Charlton <gmcha...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gmcha...@gmail.com

--- Comment #10 from Galen Charlton <gmcha...@gmail.com> ---
So, ->param() starts displaying warnings when evaluated in list context as of CGI.pm 4.05. ->multi_param() was added in 4.08 as a way of saying "I really want multiple parameter values, don't make me do { $CGI::LIST_CONTEXT_WARN = 0; @f = $q->param('foo'); } just to quell the warning."

To deal with the most common exploit scenario, "git grep '=>.*->param'" turns up ~270 cases where we most likely *don't* want multi_param(); rather, we want to wrap ->param in scalar(...). I think that should be the first priority.

"git grep '@.*->param'" turns up 332 places in 120 files where a parameter is intentionally being fed into a list.

I'm not keen about monkey-patching a core module, though I recognize the expediency of it; but if we go that route so that we can start using ->multi_param() across the board, I think we *shouldn't* set $CGI::LIST_CONTEXT_WARN.

An alternative would be adding a bunch of "local $CGI::LIST_CONTEXT_WARN = 0;" and making a note to ourselves to replace that with ->multi_param() once we're past the point where stable Linux distros ship CGI.pm older than 4.08.

We could also do it like this:

Change:

    @f = $cgi->param('foo');

To:

    @f = Koha::CGI::multi_param($cgi, 'foo');

where Koha::CGI::multi_param looks something like this:

    sub multi_param {
        my ($cgi, $param) = @_;
        local $CGI::LIST_CONTEXT_WARN = 0;
        return $cgi->param($param);
    }

That way, we're not monkey-patching a core module and we get something that we can mechanically translate to $cgi->multi_param once we're assured of having a recent enough version of CGI.pm.
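The hash-constructor case that the scalar(...) suggestion in the comment addresses, shown beside the fix, as an added example that is not part of the original comment or of Koha's code. The query string, the parameter names and the sub name multi_param_compat are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request: 'branch' is sent three times; all names are hypothetical.
my $q = CGI->new('borrower=42&branch=CPL&branch=is_admin&branch=1');

# Wrapper in the shape proposed in the comment, for call sites that
# really want every value (the sub name here is hypothetical).
sub multi_param_compat {
    my ($cgi, $param) = @_;
    local $CGI::LIST_CONTEXT_WARN = 0;
    return $cgi->param($param);
}

# Pattern matched by "git grep '=>.*->param'": ->param() sits in the list
# context of a hash constructor, so every extra submitted value is spliced
# in as a further key or value. CGI.pm 4.05 and later warn on this line.
my %unsafe = (
    is_admin => 0,
    branch   => $q->param('branch'),
);

# Fix: scalar() forces a single value (the first one submitted).
my %safe = (
    is_admin => 0,
    branch   => scalar( $q->param('branch') ),
);

# Intentional list: all values are wanted and nothing is built from key/value pairs.
my @branches = multi_param_compat( $q, 'branch' );

printf "unsafe: is_admin=%s branch=%s\n", $unsafe{is_admin}, $unsafe{branch};
printf "safe:   is_admin=%s branch=%s\n", $safe{is_admin},   $safe{branch};
printf "list:   %s\n", join( ',', @branches );

# The hardened form must keep the server-side default and take one value only.
die "scalar() did not pin the value\n"
    unless $safe{is_admin} == 0 && $safe{branch} eq 'CPL' && @branches == 3;
```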