https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41662
--- Comment #16 from David Cook <[email protected]> --- (In reply to Andreas Jonsson from comment #15) > Sorry for not paying attention to this issue, but only look att the op > parameter as this requires that this validation is made in checkauth: > > # FIXME This is only needed for scripts not using plack > my $op = $query->param('op'); > if ( defined $op && $op =~ m{^cud-} ) { > die "Cannot use GET for this request" > if $request_method eq 'GET'; > } Since this script would be served by Plack, the Plack middleware would've already caught it. This is irrelevant. > The comment suggest that this check may be removed at some point. Wouldn't > it be safer to validate the method directly? > > - if ( $op && $op eq 'cud-save' ) { > > + if ( uc $query->request_method eq 'POST' ) { Yes, but that's not the pattern that the rest of Koha uses. It's better to be consistent than "correct". Koha::Middleware::Plack catches the GET op=cud-save issue. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
