https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37093 Phil Ringnalda <phil@chetcolibrary.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Mana-kb |Reports CC| |phil@chetcolibrary.org Severity|critical |major Depends on| |36192 --- Comment #1 from Phil Ringnalda <phil@chetcolibrary.org> --- That's because your search is sending a POST to /cgi-bin/koha/svc/mana/search without a CSRF token. https://git.koha-community.org/Koha-community/Koha/src/commit/10853d1edc9c31... is implicitly a POST because it passes an object to .load, but before bug 22250 cleaned things up in https://git.koha-community.org/Koha-community/Koha/commit/679fdaebb1a611859a... it was explicitly a POST (which bizarrely attempted to include a biblionumber, which makes it look like it was originally poorly-chosen copy-paste). That line should instead be $("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", "resource=report&usecomments=1&id=" + textquery, function( response, status, xhr ) { That nicely returns results from the search, but were the results ever usable? What I get seems to be the result of replacing newlines with '' rather than with ' ' which garbles everything since it does things like "i.ccodeFROM old_reserves oLEFT JOIN items i" and the SQL parser chokes at oLEFT. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 [Bug 36192] [OMNIBUS] CSRF Protection for Koha -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.