https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37779
Bug ID: 37779
Summary: Fix forms that POST without an op in tag moderation
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P3
Component: Tools
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Depends on: 36192
Blocks: 37728
We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.
In tag moderation, there are two: the fallback form for testing whether a word
has been approved or rejected when JavaScript is disabled so the normal AJAX
code doesn't run (a brutal thing to write a test plan for), and the Filters
form, which by POSTing prevents you from bookmarking the page for all reviews
by a particular person, or all rejected tags, or anything else you might want
to check without having to recreate the filter.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37728
[Bug 37728] More "op" are missing in POSTed forms