https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37612

            Bug ID: 37612
           Summary: Batch modifying patrons from patron lists broken by
                    CSRF protection
 Change sponsored?: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5 - low
         Component: Tools
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
            Blocks: 36192

Patron lists have an Actions menuitem to Batch edit patrons, which sends a GET
to tools/modborrowers.pl?patron_list_id=1&op=show. But because the other two
ways to modborrowers are to upload a file of borrowernumbers or to stick a
possibly-huge number of borrowernumbers into a textarea, both of which require
a POST, the op is now cud-show, not because it does anything CUD, but because
it has to accept POSTs. It just needs the same solution as
https://git.koha-community.org/Koha-community/Koha/src/commit/99c2064126978f377f8fb23f61a2db3e201a33c1/tools/batchMod.pl#L209
to accept both cud-show and show.


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
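
The fix the report asks for, sketched as an added Perl example that is not Koha's code and is not taken from tools/modborrowers.pl or tools/batchMod.pl. The helper names (`method_allows_op`, `is_show_before`, `is_show_after`), the method/op gate they model, and the sample requests are assumptions built from the report's description.

```perl
use strict;
use warnings;

# Assumed model of the rule described in the report: an op sent by POST
# must carry the "cud-" prefix; an op sent by GET must not.
sub method_allows_op {
    my ( $method, $op ) = @_;
    my $is_cud = ( $op =~ /^cud-/ ) ? 1 : 0;
    return $method eq 'POST' ? $is_cud : !$is_cud;
}

# Before the fix: only the POSTed spelling reaches the show step.
sub is_show_before { my ($op) = @_; return $op eq 'cud-show'; }

# After the fix: both spellings reach the same show step.
sub is_show_after { my ($op) = @_; return $op eq 'show' || $op eq 'cud-show'; }

# Constructed sample requests: the three entry points named in the report,
# plus a GET that carries the POST-only op.
my @requests = (
    [ 'patron list link', 'GET',  'show' ],
    [ 'file upload',      'POST', 'cud-show' ],
    [ 'textarea',         'POST', 'cud-show' ],
    [ 'GET with cud- op', 'GET',  'cud-show' ],
);

for my $r (@requests) {
    my ( $from, $method, $op ) = @$r;
    my $pass   = method_allows_op( $method, $op );
    my $before = ( $pass && is_show_before($op) ) ? 'shown' : 'not shown';
    my $after  = ( $pass && is_show_after($op) )  ? 'shown' : 'not shown';
    printf "%-17s %-4s op=%-8s gate=%-6s before=%-9s after=%s\n",
        $from, $method, $op, ( $pass ? 'pass' : 'reject' ), $before, $after;
}
```

Only the patron list GET changes between the two columns; under the assumed gate, a GET carrying `cud-show` is rejected before either handler is reached.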
