[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Fridolin SOMERS changed: What|Removed |Added CC||fridolin.som...@biblibre.co ||m Status|Pushed to Stable|RESOLVED Resolution|--- |FIXED --- Comment #11 from Fridolin SOMERS --- Pushed to 17.11.x for 17.11.10 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Martin Renvoize changed: What|Removed |Added CC||martin.renvoize@ptfs-europe ||.com Status|Pushed to Master|Pushed to Stable --- Comment #10 from Martin Renvoize --- Pushed to 18.05.x for 18.05.04 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Nick Clemens changed: What|Removed |Added Status|Passed QA |Pushed to Master CC||n...@bywatersolutions.com --- Comment #9 from Nick Clemens --- Awesome work all! Pushed to master for 18.11 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Marcel de Rooy changed: What|Removed |Added See Also||https://bugs.koha-community ||.org/bugzilla3/show_bug.cgi ||?id=21325 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Marcel de Rooy changed: What|Removed |Added Patch complexity|--- |Small patch Status|BLOCKED |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 --- Comment #8 from Marcel de Rooy --- Created attachment 78528 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78528=edit Bug 13779: (QA follow-up) Correct checkauth call in offline_circ/download.pl Script offline_circ/download.pl does not use the return values of checkauth. So should not assign them to bad chosen variables that do not correspond with checkauth but with get_template_and_user. Test plan: Look for $template, $loggedinuser, $cookie, $flags in the code. Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Marcel de Rooy changed: What|Removed |Added Attachment #78452|0 |1 is obsolete|| --- Comment #7 from Marcel de Rooy --- Created attachment 78527 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78527=edit Bug 13779: sessionID declared twice in C4::Auth::checkauth() The bug is that $sessionID is declared twice in C4::Auth::checkauth(). At the moment, this doesn't actually create a problem, because no one seems to be using the $sessionID which is returned by checkauth(), except in the case of opac/external/overdrive/auth.pl which skips the second declartion as it doesn't require auth. This patch removes the redefining of the $sessionID variable. In terms of testing, try logging in with a username and password and see if it works. The only risk this patch would pose is breaking auth I would think, since nothing is actually using the return value from checkauth() for $sessionID. NOTE: It was initially defined near the top of the function (~line 791). I believe the scoping would mean the correct version of $sessionID would be used in the latter lines for the unset'ing. I have skimmed code to see if the sessionID return value is used. I did not test overdrive, as I do not know how. However, this is the only area, I think this could possibly break. This change makes sense to me. QA: Please test overdrive. opac/external/overdrive/auth.pl only checks if the value is set, so this patch might fix/break something there? opac/svc/overdrive same kind of check. Signed-off-by: Mark Tompsett Signed-off-by: Marcel de Rooy This is a (tiny) code improvement. Now we consistently return the session id that is also stored in the returned cookie. (Which can be an 'anon' session.) Fact is that Koha almost everywhere ignores the returned session id and sometimes gets the session from the cookie (obviously). The session id is also passed to the template by get_template_and_user but never used in templates. As mentioned, the two overdrive scripts are the exception. But since both test on both $user && $sessionID, they will not choke on an anynonomous session id without userid. So theoretically fine, but not tested. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 --- Comment #6 from Marcel de Rooy --- This looks good to me so far, but I will finish it just later today or Monday. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Marcel de Rooy changed: What|Removed |Added Status|Signed Off |BLOCKED --- Comment #5 from Marcel de Rooy --- QA: Looking here -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 Marcel de Rooy changed: What|Removed |Added Assignee|gmcha...@gmail.com |dc...@prosentient.com.au CC||m.de.r...@rijksmuseum.nl QA Contact|testo...@bugs.koha-communit |m.de.r...@rijksmuseum.nl |y.org | --- Comment #4 from Marcel de Rooy --- Please use the assignee field, David. Thx. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 M. Tompsett changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 M. Tompsett changed: What|Removed |Added Attachment #77099|0 |1 is obsolete|| --- Comment #3 from M. Tompsett --- Created attachment 78452 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78452=edit Bug 13779: sessionID declared twice in C4::Auth::checkauth() The bug is that $sessionID is declared twice in C4::Auth::checkauth(). At the moment, this doesn't actually create a problem, because no one seems to be using the $sessionID which is returned by checkauth(), except in the case of opac/external/overdrive/auth.pl which skips the second declartion as it doesn't require auth. This patch removes the redefining of the $sessionID variable. In terms of testing, try logging in with a username and password and see if it works. The only risk this patch would pose is breaking auth I would think, since nothing is actually using the return value from checkauth() for $sessionID. NOTE: It was initially defined near the top of the function (~line 791). I believe the scoping would mean the correct version of $sessionID would be used in the latter lines for the unset'ing. I have skimmed code to see if the sessionID return value is used. I did not test overdrive, as I do not know how. However, this is the only area, I think this could possibly break. This change makes sense to me. QA: Please test overdrive. opac/external/overdrive/auth.pl only checks if the value is set, so this patch might fix/break something there? opac/svc/overdrive same kind of check. Signed-off-by: Mark Tompsett -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 --- Comment #2 from David Cook --- Created attachment 77099 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=77099=edit Bug 13779 - sessionID declared twice in C4::Auth::checkauth() The bug is that $sessionID is declared twice in C4::Auth::checkauth(). At the moment, this doesn't actually create a problem, because no one seems to be using the $sessionID which is returned by checkauth(), except in the case of opac/external/overdrive/auth.pl which skips the second declartion as it doesn't require auth. This patch removes the redefining of the $sessionID variable. In terms of testing, try logging in with a username and password and see if it works. The only risk this patch would pose is breaking auth I would think, since nothing is actually using the return value from checkauth() for $sessionID. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 David Cook changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 13779] sessionID declared twice in C4::Auth::checkauth()
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13779 --- Comment #1 from David Cook --- This is still an issue. I'm tempted to write a patch for it, but I fear that it'll be too scary for people to test since it's in C4::Auth. At the moment, it doesn't really affect anyone (except for me with code which isn't in Koha). We can verify this by running the following in the root git directory: grep -l -R "checkauth" --exclude="*.t" --exclude="*.pm" | xargs -n1 grep "sessionID" For the most part, nothing gets done with sessionID. The one exception seems to be opac/external/overdrive/auth.pl but it doesn't actually require auth so it doesn't go down the bad path in C4::Auth. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/