Bug 7862: Preventing warns when creating a notice

To reproduce warns:
1) Go to Tools -> Notices & slips
2) Create a new notice of any module

Notice these warns:
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.
Use of uninitialized value $code in regexp compilation at
/home/vagrant/kohaclone/tools/letter.pl line 265.

CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this
can lead to vulnerabilities. See the warning in "Fetching the value or
values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
CGI::param called in list context from package
CGI::Compile::ROOT::home_vagrant_kohaclone_svc_letters_get line 50, this
can lead to vulnerabilities. See the warning in "Fetching the value or
values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.

3) Create a new notice of the Circulation module

Notice this additional warn:
Use of uninitialized value $code in pattern match (m//) at
/home/vagrant/kohaclone/tools/letter.pl line 258.

To test:
4) Apply patch and refresh page
5) Run steps 1-3 again and confirm no warns show

Sponsored-by: Catalyst IT
Signed-off-by: Maryse Simard <maryse.simard@inlibro.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

diff --git a/svc/letters/get b/svc/letters/get
index 708de74..dabb8db 100755 (executable)
--- a/svc/letters/get
+++ b/svc/letters/get
@@ -47,7 +47,9 @@ Used to get letters with a given letter code.
 our ( $query, $response ) = C4::Service->init( tools => 'edit_notices' );
 
 sub get_letters {
-    my $letters = GetLetters({ code => $query->param('code'), branchcode => $query->param('branchcode') });
+    my $code = scalar $query->param('code');
+    my $branchcode = scalar $query->param('branchcode');
+    my $letters = GetLetters({ code => $code, branchcode => $branchcode });
     $response->param( letters => $letters );
     C4::Service->return_success( $response );
 }

diff --git a/tools/letter.pl b/tools/letter.pl
index 0cc0029..f1a234b 100755 (executable)
--- a/tools/letter.pl
+++ b/tools/letter.pl
@@ -255,14 +255,17 @@ sub add_form {
             push @{$field_selection}, add_fields('issues');
         }
 
-        if ( $module eq 'circulation' and $code =~ /^AR_/  ) {
+        if ( $module eq 'circulation' and $code and $code =~ /^AR_/  ) {
             push @{$field_selection}, add_fields('article_requests');
         }
     }
 
-    my $preview_is_available = grep {/^$code$/} qw(
-        CHECKIN CHECKOUT HOLD_SLIP
-    );
+    my $preview_is_available = 0;
+
+    if ($code) {
+        $preview_is_available = grep {/^$code$/} qw( CHECKIN CHECKOUT HOLD_SLIP );
+    }
+
     $template->param(
         module     => $module,
         SQLfieldnames => $field_selection,