https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37766
Bug ID: 37766
Summary: Fix forms that POST without an op in MARC bibliographic frameworks
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P3
Component: System Administration
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
Depends on: 36192
Blocks: 37728
We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.
In MARC bibliographic frameworks, that's the tag search form, which is very
much not something that should or needs to POST, and doing so prevents
bookmarking or linking to a search for a particular tag, and the cancel "No, do
not delete" button in the confirmation page while deleting a subfield, which
doesn't need to POST because it doesn't need to send anything other than what's
needed to go back to where you were.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37728
[Bug 37728] More "op" are missing in POSTed forms