[Bug 41662] CSRF-vulnerability in opac-patron-consent.pl.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41662 --- Comment #15 from Andreas Jonsson <andreas.jonsson@kreablo.se> --- Sorry for not paying attention to this issue, but only look att the op parameter as this requires that this validation is made in checkauth: # FIXME This is only needed for scripts not using plack my $op = $query->param('op'); if ( defined $op && $op =~ m{^cud-} ) { die "Cannot use GET for this request" if $request_method eq 'GET'; } The comment suggest that this check may be removed at some point. Wouldn't it be safer to validate the method directly? - if ( $op && $op eq 'cud-save' ) { + if ( uc $query->request_method eq 'POST' ) { -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org