https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37785
--- Comment #1 from Phil Ringnalda <[email protected]> --- Created attachment 170899 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=170899&action=edit Bug 37785: Remove dead code in tools/letter.tt that looks like a form that would POST without an op We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. The two in tools/letter.tt are blocks of never-used code which would display a message confirming that you saved a notice, or that a notice was deleted after you confirmed that you wanted to delete it, but neither one has ever been executed. Now, the names of the ops don't match, because they are cud-add_validate etc. and would have to explicitly set a param for add_validate, but even before the CSRF change to cud- ops, they explicitly unset their $op so that as they say "# we return to the default screen for the next operation". Prior to that, they just did "print $input->redirect("letter.pl");" No test plan is possible, since this code has never once done anything. Sponsored-by: Chetco Community Public Library -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
