[Bug 35019] New: Can't delete news from the staff interface main page
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Bug ID: 35019 Summary: Can't delete news from the staff interface main page Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Staff interface Assignee: koha-bugs@lists.koha-community.org Reporter: emily-rose.francoeur@inLibro.com QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com It’s no longer possible to delete news entries from the homepage in the staff interface. To reproduce the bug: 1) Go to “Tools > News > New entry” 2) “Display location” should be set to “Staff interface” 3) Fill in the fields 4) Return to the homepage 5) Try to delete the newly created news entry 6) The “Additional contents” page is displayed with the message “There are no additional contents.” 7) Return to the homepage; the news entry is not deleted. The “Additional contents” page expects to receive a CSRF token, but none is sent, causing the issue. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |emily-rose.francoeur@inLibr |ity.org |o.com CC| |caroline.cyr-la-rose@inlibr | |o.com, | |emily-rose.francoeur@inLibr | |o.com, | |philippe.blouin@inlibro.com -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 --- Comment #1 from Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com> --- Created attachment 156801 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=156801&action=edit Bug 35019: Add a CSRF token when deleting news I add a CSRF token as a parameter in the link for deleting a news entry, which solves the problem. TEST PLAN 1) Apply the patch 2) Go to “Tools > News > New entry” 3) “Display location” should be set to “Staff interface” 4) Fill in the fields 5) Return to the homepage 6) Delete the created news entry 7) The “Additional contents” page is displayed, and the deleted news entry no longer appears 8) Return to the homepage; the news entry no longer displays -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #156801|0 |1 is obsolete| | --- Comment #2 from Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com> --- Created attachment 156802 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=156802&action=edit Bug 35019: Add a CSRF token when deleting news I add a CSRF token as a parameter in the link for deleting a news entry, which solves the problem. TEST PLAN 1) Apply the patch 2) Go to "Tools > News > New entry" 3) "Display location" should be set to "Staff interface" 4) Fill in the fields 5) Return to the homepage 6) Delete the created news entry 7) The "Additional contents" page is displayed, and the deleted news entry no longer appears 8) Return to the homepage; the news entry no longer displays -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Émily-Rose Francoeur <emily-rose.francoeur@inLibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Marcel de Rooy <m.de.rooy@rijksmuseum.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |m.de.rooy@rijksmuseum.nl -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Trivial patch Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #156802|0 |1 is obsolete| | --- Comment #3 from Owen Leonard <oleonard@myacpl.org> --- Created attachment 156822 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=156822&action=edit Bug 35019: Add a CSRF token when deleting news I add a CSRF token as a parameter in the link for deleting a news entry, which solves the problem. TEST PLAN 1) Apply the patch 2) Go to "Tools > News > New entry" 3) "Display location" should be set to "Staff interface" 4) Fill in the fields 5) Return to the homepage 6) Delete the created news entry 7) The "Additional contents" page is displayed, and the deleted news entry no longer appears 8) Return to the homepage; the news entry no longer displays Signed-off-by: Owen Leonard <oleonard@myacpl.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |normal -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #156822|0 |1 is obsolete| | --- Comment #4 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Created attachment 157215 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=157215&action=edit Bug 35019: Add a CSRF token when deleting news I add a CSRF token as a parameter in the link for deleting a news entry, which solves the problem. TEST PLAN 1) Apply the patch 2) Go to "Tools > News > New entry" 3) "Display location" should be set to "Staff interface" 4) Fill in the fields 5) Return to the homepage 6) Delete the created news entry 7) The "Additional contents" page is displayed, and the deleted news entry no longer appears 8) Return to the homepage; the news entry no longer displays Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |23.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 --- Comment #5 from Tomás Cohen Arazi <tomascohen@gmail.com> --- Pushed to master for 23.11. Nice work everyone, thanks! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fridolin.somers@biblibre.co | |m Depends on| |34368 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Fridolin Somers <fridolin.somers@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to master |Pushed to stable Version(s)|23.11.00 |23.11.00,23.05.05 released in| | --- Comment #6 from Fridolin Somers <fridolin.somers@biblibre.com> --- Pushed to 23.05.x for 23.05.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #7 from David Cook <dcook@prosentient.com.au> --- On a side note, generally speaking, we want to avoid putting CSRF tokens in GET requests, and we want to avoid state changes via GET requests. This could've been an opportunity to refactor this delete to use a POST instead. At some point, I think we'll update the coding guidelines to reflect that, but just a FYI to folk. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to stable |Pushed to oldstable Version(s)|23.11.00,23.05.05 |23.11.00,23.05.05,22.11.12 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 --- Comment #8 from Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> --- Nice work everyone! Pushed to oldstable for 22.11.x -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35019 Bug 35019 depends on bug 34368, which changed state. Bug 34368 Summary: Add CSRF protection to Content Management pages https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34368 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to oldstable |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org