https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38275 Phil Ringnalda <phil@chetcolibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com, | |phil@chetcolibrary.org --- Comment #5 from Phil Ringnalda <phil@chetcolibrary.org> --- That's one messed-up CSRF-protection avoiding page: it has a form, with method="post" and op="cud-delete" just like anything doing a delete should, but then the submit button doesn't submit the form, it just concatenates the selected_images together and sticks them on a GET of ?op=delete. -- You are receiving this mail because: You are watching all bug changes.