https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38056 Bug ID: 38056 Summary: Search term after deleting an authority shouldn't be URI encoded Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P3 Component: MARC Authority data support Assignee: phil@chetcolibrary.org Reporter: phil@chetcolibrary.org QA Contact: testopia@bugs.koha-community.org Depends on: 34478 Prior to the CSRF protection, deleting an authority record from search results built up a URL for a GET, and used the uri TT filter on the value param, which is where the search term you used to find the record gets passed to the script for reloading afterward. That was fine (though the use of the html filter on the other params was a bit sketchy, given that they were being stuffed into a URL, not displayed as HTML), but when https://git.koha-community.org/Koha-community/Koha/commit/62d9f73e9e3bfe7fbc... switched from a GET to a form that POSTs, it retained the same escaping, so now we have a URI encoded value being put into a form input, passed over to the script which certainly isn't expecting that, and then stuffed back into the search box and searched for literally: if you do an authority search for "professional computing" and delete one of the results, the page that loads after the deletion is a search for "professional%20computing" Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478 [Bug 34478] Full CSRF protection -- You are receiving this mail because: You are watching all bug changes.