The following warns are triggered when I click the Pay selected button:

CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line 267,
this can lead to vulnerabilities. See the warning in "Fetching the
value or values of a single named parameter" at
usr/share/perl5/CGI.pm line 436.

CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_members_pay_2epl line
273, this can lead to vulnerabilities. See the warning in "Fetching
the value or values of a single named parameter" at
/usr/share/perl5/CGI.pm line 436.

To test:
1) Go to a member's detail page on the staff side and create a manual
invoice
2) Go to the pay fines tab, select the fine you just created and click
Pay selected
3) Notice warns
4) Apply patch and repeat steps 1 & 2
5) Warns should be gone

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
foreach (@params) {
if (/^incl_par_(\d+)$/) {
my $index = $1;
- push @lines_to_pay, $input->param("accountlines_id$index");
+ push @lines_to_pay, scalar $input->param("accountlines_id$index");
$amt += $input->param("amountoutstanding$index");
}
}
$amt = '&amt=' . $amt;
my $sel = '&selected=' . join ',', @lines_to_pay;
- my $notes = '¬es=' . join("%0A", map { $input->param("payment_note_$_") } @lines_to_pay );
+ my $notes = '¬es=' . join("%0A", map { scalar $input->param("payment_note_$_") } @lines_to_pay );
my $redirect =
"/cgi-bin/koha/members/paycollect.pl?borrowernumber=$borrowernumber"
. $amt
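Review bot: On the `my $notes = ...` line the `payment_note_$_` values are still joined into the redirect query string with only `%0A` between them and no URI escaping, so a note containing `&`, `#` or `=` would change which parameters paycollect.pl receives. Forcing `scalar` fixes the list-context warning and stops a repeated parameter from adding extra elements to the list, but each value should also be escaped before the join, for example with `uri_escape_utf8` from URI::Escape. The same applies to the `accountlines_id$index` values joined into `$sel`; checking that each one is numeric before pushing it onto `@lines_to_pay` would be the simpler guard there. The `$amt += $input->param("amountoutstanding$index")` line is already evaluated in scalar context, so leaving it unchanged is correct, but the total is built from request parameters and is worth confirming against the stored account lines on the receiving side rather than trusted from the URL.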