From the pod of Digest::MD5:
"""
Since the MD5 algorithm is only defined for strings of bytes, it can not
be used on strings that contains chars with ordinal number above 255
(Unicode strings). The MD5 functions and methods will croak if you try
to feed them such input data.
What you can do is calculate the MD5 checksum of the UTF-8
representation of such strings.
"""
Test plan:
- Set a MySQL/MariaDB password with unicode characters:
UPDATE user SET password=PASSWORD('❤') WHERE USER='koha_kohadev';
FLUSH PRIVILEGES
- Update your $KOHA_CONF file
- Restart Memcached
- Hit the files modified by this patch
=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Edit: removed debugging leftover
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
use CGI qw ( -utf8 );
use Digest::MD5 qw(md5_base64);
use CGI qw ( -utf8 );
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
use C4::Context;
use C4::Output;
use C4::Auth;
use C4::Context;
use C4::Output;
use C4::Auth;
op => 'delete_confirm',
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
op => 'delete_confirm',
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
my $patron = Koha::Patrons->find( $member );
token => scalar $input->param('csrf_token'),
});
my $patron = Koha::Patrons->find( $member );
use Koha::Patron::Categories;
use Digest::MD5 qw(md5_base64);
use Koha::Patron::Categories;
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
token => scalar $input->param('csrf_token'),
});
RoutingSerials => C4::Context->preference('RoutingSerials'),
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
RoutingSerials => C4::Context->preference('RoutingSerials'),
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
use CGI qw ( -utf8 );
use List::MoreUtils qw/uniq/;
use Digest::MD5 qw(md5_base64);
use CGI qw ( -utf8 );
use List::MoreUtils qw/uniq/;
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
# internal modules
use C4::Auth;
# internal modules
use C4::Auth;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
token => scalar $input->param('csrf_token'),
});
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
#use warnings; FIXME - Bug 2505
use CGI qw ( -utf8 );
use Digest::MD5 qw(md5_base64);
#use warnings; FIXME - Bug 2505
use CGI qw ( -utf8 );
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
use C4::Context;
use C4::Auth;
use C4::Output;
use C4::Context;
use C4::Auth;
use C4::Output;
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
use CGI qw ( -utf8 );
use Digest::MD5 qw( md5_base64 md5_hex );
use CGI qw ( -utf8 );
use Digest::MD5 qw( md5_base64 md5_hex );
+use Encode qw( encode );
use String::Random qw( random_string );
use C4::Auth;
use String::Random qw( random_string );
use C4::Auth;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => $borrower->{userid},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => $borrower->{userid},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $cgi->param('csrf_token'),
});
token => scalar $cgi->param('csrf_token'),
});
borrower => \%borrower,
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
borrower => \%borrower,
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
borrower => GetMember( borrowernumber => $borrowernumber ),
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
borrower => GetMember( borrowernumber => $borrowernumber ),
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
hidden => GetHiddenFields( $mandatory, 'modification' ),
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
hidden => GetHiddenFields( $mandatory, 'modification' ),
csrf_token => Koha::Token->new->generate_csrf({
id => $borrower->{userid},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
# č
use CGI qw ( -utf8 );
# č
use CGI qw ( -utf8 );
-# use encoding 'utf8'; # don't do this
use Digest::MD5 qw(md5_base64);
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
my (@errors, @feedback);
my $extended = C4::Context->preference('ExtendedPatronAttributes');
my (@errors, @feedback);
my $extended = C4::Context->preference('ExtendedPatronAttributes');
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
token => scalar $input->param('csrf_token'),
});
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
use CGI qw ( -utf8 );
use GD;
use Digest::MD5 qw(md5_base64);
use CGI qw ( -utf8 );
use GD;
use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
use C4::Context;
use C4::Auth;
use C4::Output;
use C4::Context;
use C4::Auth;
use C4::Output;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
token => scalar $input->param('csrf_token'),
});
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
token => scalar $input->param('csrf_token'),
});
token => scalar $input->param('csrf_token'),
});
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
}),
);
output_html_with_http_headers $input, $cookie, $template->output;
}),
);
output_html_with_http_headers $input, $cookie, $template->output;