https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38275 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Failed QA CC| |dcook@prosentient.com.au --- Comment #6 from David Cook <dcook@prosentient.com.au> --- (In reply to Phil Ringnalda from comment #5)
That's one messed-up CSRF-protection avoiding page: it has a form, with method="post" and op="cud-delete" just like anything doing a delete should, but then the submit button doesn't submit the form, it just concatenates the selected_images together and sticks them on a GET of ?op=delete.
Good spotting, Phil. In this case, you should mark this bug as Failed QA. (Note: anyone can mark a bug as Failed QA.) -- You are receiving this mail because: You are watching all bug changes.