https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37612 Bug ID: 37612 Summary: Batch modifying patrons from patron lists broken by CSRF protection Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: major Priority: P5 - low Component: Tools Assignee: phil@chetcolibrary.org Reporter: phil@chetcolibrary.org QA Contact: testopia@bugs.koha-community.org Blocks: 36192 Patron lists have an Actions menuitem to Batch edit patrons, which sends a GET to tools/modborrowers.pl?patron_list_id=1&op=show. But because the other two ways to modborrowers are to upload a file of borrowernumbers or to stick a possibly-huge number of borrowernumbers into a textarea, both of which require a POST, the op is now cud-show, not because it does anything CUD, but because it has to accept POSTs. It just needs the same solution as https://git.koha-community.org/Koha-community/Koha/src/commit/99c2064126978f... to accept both cud-show and show. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 [Bug 36192] [OMNIBUS] CSRF Protection for Koha -- You are receiving this mail because: You are watching all bug changes.