-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello all. I've just installed kohan on Debian Jessie, I'm testing and configuring, sometimes I get screen warning to not connect to server. In intranet-error.log I can see errors in cgi: "search.pl: CGI::param called in list context from package main line 169, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436." I was searchig for the warning, and it seems that mainpage.pl in koha-common needs to be fixed, but I don't know how. Or perhaps there is other way avoid the error. REgards and thanks in advanced -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVrlFyAAoJEPploz+wCpxHPN0P/i2j4kMbdDriaaak3mhakKKM pKSvTEP1o7oundpI33JYuWFse6c+UGc5m2RfQwtaVWQVNB1zIz4MIS4JPnuS5xOK CHU/ZE+CJ0mMpDdqbHTcXUFGyU8oECmU/N3I2FmOCSnG8ZSIIGf8SDRPMZ+zS2of 9MJp84DnGT8grblS0HqreyhuCrD0iuRF1U/p6ed39hBm+b2IGqVHvus3ptM67346 Lih5pdKrJ+mXwUVpL5NCFD7fCOAlU102JUPJBUkqWXCIWz03uWhDFt3GmT2ShOLR gncWk1x+kWtwhSvcsXP4ffpcVuzq84C7zSKcLMHzVQqqxScLs3ZRZVOQAp3jo8lf S/rBOPJPtUbvW5okywfusGx+XKftfiugboU5ueAL8hdS8JQ/uM/BYqfop21qY+el XKWhy5LQ0vA6liWFdCPZZkustjTxXHp1jpLNwNcOfE+lpdCKaThjA0zlxOstkOLw lfaVb8h1Ayi1l7a3luFhDVp9E8Gj08vcs9CivCYVAjNh+KqHhHuYx5Jl0eF3demo yUiecWuLiVDtQYjOe8j45jQ0F/zuN4uzL6dGIvQ5etIEPVucSasUxGU+QJwVVGNk 2BTfNorN/JNwZkDfmQy75gMwCSSCAqsv2rCKaNLGYhOSXl4TtVo94xPqaUZJa1JS iH42vkC9D46wgOIFcj6v =Wghn -----END PGP SIGNATURE-----
The latest version of CGI puts out that warning every time a statement of the form "$xxx = $cgi->param('yyy);" is executed. It should be changed to "$xxx = scalar $cgi->param('yyy');" and exists throughout Koha. My koha-opac-error_log currently contains about 1M of the warnings. It doesn't hurt anything, but is a pain when trying to debug code. On 07/21/2015 10:04 AM, Angel wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hello all.
I've just installed kohan on Debian Jessie, I'm testing and configuring, sometimes I get screen warning to not connect to server. In intranet-error.log I can see errors in cgi:
"search.pl: CGI::param called in list context from package main line 169, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436."
I was searchig for the warning, and it seems that mainpage.pl in koha-common needs to be fixed, but I don't know how. Or perhaps there is other way avoid the error.
REgards and thanks in advanced
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCAAGBQJVrlFyAAoJEPploz+wCpxHPN0P/i2j4kMbdDriaaak3mhakKKM pKSvTEP1o7oundpI33JYuWFse6c+UGc5m2RfQwtaVWQVNB1zIz4MIS4JPnuS5xOK CHU/ZE+CJ0mMpDdqbHTcXUFGyU8oECmU/N3I2FmOCSnG8ZSIIGf8SDRPMZ+zS2of 9MJp84DnGT8grblS0HqreyhuCrD0iuRF1U/p6ed39hBm+b2IGqVHvus3ptM67346 Lih5pdKrJ+mXwUVpL5NCFD7fCOAlU102JUPJBUkqWXCIWz03uWhDFt3GmT2ShOLR gncWk1x+kWtwhSvcsXP4ffpcVuzq84C7zSKcLMHzVQqqxScLs3ZRZVOQAp3jo8lf S/rBOPJPtUbvW5okywfusGx+XKftfiugboU5ueAL8hdS8JQ/uM/BYqfop21qY+el XKWhy5LQ0vA6liWFdCPZZkustjTxXHp1jpLNwNcOfE+lpdCKaThjA0zlxOstkOLw lfaVb8h1Ayi1l7a3luFhDVp9E8Gj08vcs9CivCYVAjNh+KqHhHuYx5Jl0eF3demo yUiecWuLiVDtQYjOe8j45jQ0F/zuN4uzL6dGIvQ5etIEPVucSasUxGU+QJwVVGNk 2BTfNorN/JNwZkDfmQy75gMwCSSCAqsv2rCKaNLGYhOSXl4TtVo94xPqaUZJa1JS iH42vkC9D46wgOIFcj6v =Wghn -----END PGP SIGNATURE----- _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 21/07/15 a las 16:34, Bob Ewart escribió:
The latest version of CGI puts out that warning every time a statement of the form "$xxx = $cgi->param('yyy);" is executed. It should be changed to "$xxx = scalar $cgi->param('yyy');" and exists throughout Koha.
My koha-opac-error_log currently contains about 1M of the warnings. It doesn't hurt anything, but is a pain when trying to debug code.
I'm getting too a AH01215 Apache error message. It's strange: I'm logged as staff, when I click on adbooks.pl (cataloguing) I can see the error in log and when I go to Advanced Search I can see too. The worst is when I select a keyword for search a record: I get a screen warning Koha couldn't connect.
On 07/21/2015 10:04 AM, Angel wrote: Hello all.
I've just installed kohan on Debian Jessie, I'm testing and configuring, sometimes I get screen warning to not connect to server. In intranet-error.log I can see errors in cgi:
"search.pl: CGI::param called in list context from package main line 169, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436."
I was searchig for the warning, and it seems that mainpage.pl in koha-common needs to be fixed, but I don't know how. Or perhaps there is other way avoid the error.
REgards and thanks in advanced
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVr1h5AAoJEPploz+wCpxHqnkQAIfwIJq9MVWYTKTaoBhwJ5I8 x56LVCuChK1lvZRXZSHypMqzPl1faiIxwUumLOxV8KKA2mwX50Ctzu3d9YUIL3YQ ZjHx14SFlO39QaJilLv+rmYBntMNMK5UKGht9QPnjR77z+I3vB97dzIyHrs+EwLo BKnjB9UJNCY8ss1Jav1bMauPA9nUxaacwuD4bXMwOicXqJZLD1riYfh7ZJC1HENE g+RMkmI6iY7uXV4NdgMf0vqrFDRt+Rq9CulSzUdRax79T55Emzj87+j1ITORT6fp /qnABsQON1Ha6aRd5J07Eq5sAKqrq2o7GKuvkHYHlzhJWVNMexSb0UZ4wFvy9df7 ojRtCYkQdgiFOBwWmOGC0F+T8YlLOYAA5/fu+/emtFwiQzrB3mWFmobFs1q5WcR7 IMhXmNub/nqW5U92P+WlwF2Ro3XT9rSwfCvLlFzrU9fAhZKD/gL1+FCKcnDMpCu7 FhvrzmTMDVVVDfD2Im1OR/yPCpGtYJFF5oR5paxD95GaUjDPoialJXOUgWZZX7Dp m8COA8sTGd14Y+VJc3YaQWIv/lVCBBvKZBCMyXiMe0z+BwTdlNOP5ftjlrx+kX4h ZYRMPMuaKgyBvAitFh86bxfUx11eM1yH1VeI2u9KzhRg1jM5OzRn2YYDoSZIQpZG Tvp5ApTjgTkpIC/Z3a6k =MVZI -----END PGP SIGNATURE-----
Greetings, Many of those errors, I have been working on submitting patches as I run into them in areas I am working on. As the other response said they aren't a significant concern, except for floody logs (which I thoroughly deplore and aim to fix every chance I encounter them while working). GPML, Mark Tompsett -----Original Message [CUT AND EDIT] ----- From: Angel Sent: Tuesday, July 21, 2015 10:04 AM "search.pl: CGI::param called in list context from package main line 169, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436." I was searchig for the warning, and it seems that mainpage.pl in koha-common needs to be fixed, but I don't know how. Or perhaps there is other way avoid the error. REgards and thanks in advanced
participants (3)
-
Angel -
Bob Ewart -
Mark Tompsett