[Koha-devel] Koha CSRF protection

Marcel de Rooy M.de.Rooy at rijksmuseum.nl
Mon Mar 4 08:37:36 CET 2024


Great work!

From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On Behalf Of Nick Clemens via Koha-devel
Sent: Friday, March 1, 2024 2:26 PM
To: Koha Devel <koha-devel at lists.koha-community.org>; Koha <koha at lists.katipo.co.nz>
Subject: [Koha-devel] Koha CSRF protection

Hello all!

We have pushed the CSRF work from 34478 and related bugs today. We know there are more follow-ups needed, and have filed a series of bugs under an omnibus:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192

We have a framapad where issues can be reported/found:
https://annuel.framapad.org/p/koha_34478_remaining

And we have bugs for each of the sections of the document. We need all developers to submit patches when they encounter issues, and for other users testing master to report found issues on the pad. Testers can report issues on the pad as well.

There is a new coding guideline - all POSTs to forms in Koha will need to include a CSRF token:
https://wiki.koha-community.org/wiki/Coding_Guidelines#Security

This has been a big work, many thanks to all involved, and there is still work to be done, but this is an important fix that we must do.

You can reach out to me on IRC (kidclamp) or via email and I will do my best to help anyone contribute.

Thanks,
Nick

--
Nick Clemens
ByWater Solutions
bywatersolutions.com
Phone: (888) 900-8944
Pronouns: (he/him/his)
Timezone: Eastern