https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37093
Phil Ringnalda <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Mana-kb                     |Reports
                 CC|                            |[email protected]
           Severity|critical                    |major
         Depends on|                            |36192

--- Comment #1 from Phil Ringnalda <[email protected]> ---
That's because your search is sending a POST to /cgi-bin/koha/svc/mana/search without a CSRF token.

https://git.koha-community.org/Koha-community/Koha/src/commit/10853d1edc9c31bcef096ffa514bb3025e0a760e/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt#L2394
is implicitly a POST because it passes an object to .load, but before bug 22250 cleaned things up in
https://git.koha-community.org/Koha-community/Koha/commit/679fdaebb1a611859a968f22b85c37fbc00b055b
it was explicitly a POST (which bizarrely attempted to include a biblionumber, which makes it look like it was originally poorly-chosen copy-paste).

That line should instead be

    $("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", "resource=report&usecomments=1&id=" + textquery, function( response, status, xhr ) {

That nicely returns results from the search, but were the results ever usable? What I get seems to be the result of replacing newlines with '' rather than with ' ' which garbles everything since it does things like "i.ccodeFROM old_reserves oLEFT JOIN items i" and the SQL parser chokes at oLEFT.

Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
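
Added example, not part of the original mail and not Koha code: a small lint that applies the jQuery rule the comment relies on (.load sends a POST when its data argument is an object, a GET when it is a string) to find calls that become implicit POSTs and would therefore need a CSRF token. The names loadMethod, findImplicitPosts and SAMPLE are hypothetical, and the first sample line is a constructed "before" form, not the actual template line.

```javascript
// jQuery .load(url, data, complete) picks the HTTP method from the type of
// `data`: a non-null object means POST; a string is sent as a GET query
// string; a function in that slot is treated as the callback (GET).
function loadMethod(data) {
  if (typeof data === "function" || data == null) return "GET";
  return typeof data === "object" ? "POST" : "GET";
}

// Heuristic: match .load("<url>", <second arg>) on one line and capture the
// first character of the second argument ('{' = object literal, quote = string).
// Assumes the URL is a single quoted string literal.
const LOAD_CALL = /\.load\(\s*(["'])(.*?)\1\s*,\s*(\{|["'])/g;

// Return one finding per .load call whose data argument is an object literal,
// i.e. a call that jQuery will send as POST without the author writing "POST".
function findImplicitPosts(source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(LOAD_CALL)) {
      if (m[3] === "{") {
        // .load accepts "url selector"; keep only the URL part.
        findings.push({ line: i + 1, url: m[2].split(" ")[0], method: "POST" });
      }
    }
  });
  return findings;
}

// Constructed sample input: line 1 passes an object (implicit POST),
// line 2 is the string form proposed in the comment (GET).
const SAMPLE = [
  '$("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", { resource: "report", usecomments: 1, id: textquery }, function( response, status, xhr ) {',
  '$("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", "resource=report&usecomments=1&id=" + textquery, function( response, status, xhr ) {',
].join("\n");

for (const f of findImplicitPosts(SAMPLE)) {
  console.log(`line ${f.line}: implicit ${f.method} to ${f.url}, needs a CSRF token or a string query`);
}
```

The regex only sees object literals written inline; a variable holding an object in the data slot has to be caught by review or by watching for token-less POSTs in the server log.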
