https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27849
Bug ID: 27849
Summary: Koha::Token may access undefined C4::Context->userenv
Change sponsored?: ---
Product: Koha
Version: 20.11
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs@lists.koha-community.org
Reporter: m...@software.coop
QA Contact: testo...@bugs.koha-community.org
The _add_default_csrf_params internal function accesses C4::Context->userenv
without checking that it has been defined. I think not all of the potential
callers of it declare that they require a defined userenv, so we should test
and provide defaults for required values if it is not defined, to avoid some
"Can't use an undefined value as a HASH reference" HTTP 500 Internal Server
Errors.
Step to Reproduce: write some code that results in that function being used
before a set_userenv call
Actual Result: error logged, code exits
Expected Result: code runs to completion
Additional Information: I am not sure whether this is currently triggered by
any released core koha code, or only a few plugins and mods. It looks to me
like a bug waiting to happen, based on the documentation, which can be avoided
simply.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
