[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Bug 37794 depends on bug 36192, which changed state. Bug 36192 Summary: [OMNIBUS] CSRF Protection for Koha https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 What|Removed |Added Status|ASSIGNED|RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Aude Charillon changed: What|Removed |Added Status|Needs documenting |RESOLVED Resolution|--- |FIXED CC||aude.charillon@ptfs-europe. ||com --- Comment #7 from Aude Charillon --- No need for update to Koha Manual. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Fridolin Somers changed: What|Removed |Added Status|Pushed to stable|Needs documenting CC||fridolin.som...@biblibre.co ||m --- Comment #6 from Fridolin Somers --- Not for 23.11.x -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Lucas Gass (lukeg) changed: What|Removed |Added CC||lu...@bywatersolutions.com Version(s)|24.11.00|24.11.00,24.05.06 released in|| Status|Pushed to main |Pushed to stable --- Comment #5 from Lucas Gass (lukeg) --- Backported to 24.05.x for upcoming 24.05.06 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 --- Comment #4 from Katrin Fischer --- Pushed for 24.11! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Katrin Fischer changed: What|Removed |Added Status|Passed QA |Pushed to main Version(s)||24.11.00 released in|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Jonathan Druart changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Jonathan Druart changed: What|Removed |Added CC||jonathan.dru...@gmail.com --- Comment #3 from Jonathan Druart --- Trivial, skipping QA. Bugfix and definitely an improvement (having the filters in the URL!) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Jonathan Druart changed: What|Removed |Added Attachment #170922|0 |1 is obsolete|| --- Comment #2 from Jonathan Druart --- Created attachment 170941 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170941&action=edit Bug 37794: Fix form that POSTs without an op in Holds to pull We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. In Holds to pull that's the form which lets you change from the default starting and ending date. Switching that to a GET at least lets you refresh the page without getting a browser warning about resending a POST and maybe having your credit card double-charged. Test plan: 1. Without the patch, Circulation - Holds to pull - change the start date to something earlier and click Submit 2. Refresh the page, get a warning about resubmitting data 3. Apply patch, Circulation - Holds to pull - change the start date to something earlier and click Submit 4. Refresh the page, no warning Sponsored-by: Chetco Community Public Library Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Jonathan Druart changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 --- Comment #1 from Phil Ringnalda --- Created attachment 170922 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170922&action=edit Bug 37794: Fix form that POSTs without an op in Holds to pull We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. In Holds to pull that's the form which lets you change from the default starting and ending date. Switching that to a GET at least lets you refresh the page without getting a browser warning about resending a POST and maybe having your credit card double-charged. Test plan: 1. Without the patch, Circulation - Holds to pull - change the start date to something earlier and click Submit 2. Refresh the page, get a warning about resubmitting data 3. Apply patch, Circulation - Holds to pull - change the start date to something earlier and click Submit 4. Refresh the page, no warning Sponsored-by: Chetco Community Public Library -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 37794] Fix form that POSTs without an op in Holds to pull
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37794 Phil Ringnalda changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
