[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Bug 38921 depends on bug 34478, which changed state. Bug 34478 Summary: Full CSRF protection https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478 What|Removed |Added Status|Pushed to main |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 --- Comment #5 from Paul Derscheid --- Nice work everyone! Pushed to 24.11.x for 24.11.04 -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Paul Derscheid changed: What|Removed |Added Status|Pushed to main |Pushed to stable Version(s)|25.05.00|25.05.00,24.11.04 released in|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Katrin Fischer changed: What|Removed |Added Version(s)||25.05.00 released in|| Status|Passed QA |Pushed to main -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 --- Comment #4 from Katrin Fischer --- Pushed for 25.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Marcel de Rooy changed: What|Removed |Added Attachment #176926|0 |1 is obsolete|| --- Comment #3 from Marcel de Rooy --- Created attachment 177099 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=177099&action=edit Bug 38921: Remove unused href from Cancel hold link The trashcan icon to cancel a hold from the list of holds on a bib record has a leftover href attribute from before the bug 34478 CSRF protection changes. It has an 'op=cancel' which does nothing since there's only a cud-cancel op, so it just falls through to the view case and redisplays the page if you open it in a new tab, and doesn't get used at all if you click the trashcan, when JavaScript builds up a form that you can POST. Test plan: 1. Place a hold on any item. 2. On the list of holds, right-click the Cancel hold trashcan icon, and select Open in new tab 3. In the new tab, note that the URL in the browser address bar shows all sorts of things about op=cancel and borrowernumber and biblionumber and reserveid, but nothing changed, your hold wasn't deleted 4. Close that pointless tab, and apply patch 5. Reload the page with the list of holds, and again right-click the Cancel hold trashcan and select Open in new tab 6. In the new tab, note that the URL just has the biblionumber and a #, no other extraneous things 7. In the original tab, left-click the trashcan, confirm cancellation in the popup, and make sure that cancelling still does work. Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind Signed-off-by: Marcel de Rooy -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Marcel de Rooy changed: What|Removed |Added QA Contact|[email protected] |[email protected] |y.org | CC||[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Marcel de Rooy changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 David Nind changed: What|Removed |Added Attachment #176766|0 |1 is obsolete|| --- Comment #2 from David Nind --- Created attachment 176926 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=176926&action=edit Bug 38921: Remove unused href from Cancel hold link The trashcan icon to cancel a hold from the list of holds on a bib record has a leftover href attribute from before the bug 34478 CSRF protection changes. It has an 'op=cancel' which does nothing since there's only a cud-cancel op, so it just falls through to the view case and redisplays the page if you open it in a new tab, and doesn't get used at all if you click the trashcan, when JavaScript builds up a form that you can POST. Test plan: 1. Place a hold on any item. 2. On the list of holds, right-click the Cancel hold trashcan icon, and select Open in new tab 3. In the new tab, note that the URL in the browser address bar shows all sorts of things about op=cancel and borrowernumber and biblionumber and reserveid, but nothing changed, your hold wasn't deleted 4. Close that pointless tab, and apply patch 5. Reload the page with the list of holds, and again right-click the Cancel hold trashcan and select Open in new tab 6. In the new tab, note that the URL just has the biblionumber and a #, no other extraneous things 7. In the original tab, left-click the trashcan, confirm cancellation in the popup, and make sure that cancelling still does work. Sponsored-by: Chetco Community Public Library Signed-off-by: David Nind -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 David Nind changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 --- Comment #1 from Phil Ringnalda --- Created attachment 176766 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=176766&action=edit Bug 38921: Remove unused href from Cancel hold link The trashcan icon to cancel a hold from the list of holds on a bib record has a leftover href attribute from before the bug 34478 CSRF protection changes. It has an 'op=cancel' which does nothing since there's only a cud-cancel op, so it just falls through to the view case and redisplays the page if you open it in a new tab, and doesn't get used at all if you click the trashcan, when JavaScript builds up a form that you can POST. Test plan: 1. Place a hold on any item. 2. On the list of holds, right-click the Cancel hold trashcan icon, and select Open in new tab 3. In the new tab, note that the URL in the browser address bar shows all sorts of things about op=cancel and borrowernumber and biblionumber and reserveid, but nothing changed, your hold wasn't deleted 4. Close that pointless tab, and apply patch 5. Reload the page with the list of holds, and again right-click the Cancel hold trashcan and select Open in new tab 6. In the new tab, note that the URL just has the biblionumber and a #, no other extraneous things 7. In the original tab, left-click the trashcan, confirm cancellation in the popup, and make sure that cancelling still does work. Sponsored-by: Chetco Community Public Library -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Phil Ringnalda changed: What|Removed |Added Status|NEW |Needs Signoff Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 38921] Remove unused href from Cancel hold link
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38921 Phil Ringnalda changed: What|Removed |Added Assignee|[email protected] |[email protected] -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
