[Koha-bugs] [Bug 34650] Editing/deleting lists from toolbar on virtualshelves/shelves.pl causes CSRF error
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Aug 30 15:38:22 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34650
Lucas Gass <lucas at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #154934|0 |1
is obsolete| |
--- Comment #10 from Lucas Gass <lucas at bywatersolutions.com> ---
Created attachment 154956
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=154956&action=edit
Bug 34650: Convert list toolbar delete into form POST
This patch adds a HTML form with a CSRF token to POST the list delete,
which is triggered by a click handler on the A element. The A element
is still needed for existing style reasons.
Test plan:
0. Apply patch
1. koha-plack --reload kohadev
2. In the staff interface, add a list
3. Go into that list (e.g. virtualshelves/shelves.pl?op=view&shelfnumber=X)
4. From the toolbar click the "Edit" dropdown
5. From the dropdown try either "Edit list" or "Delete list"
6. Note no CSRF error and operation completes as expected
Signed-off-by: Lucas Gass <lucas at bywatersolutions.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list