https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37826
Bug ID: 37826
Summary: Templates that use the variable script_name should be
called by scripts that set it
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Templates
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
We have templates that use the variable script_name for the path and filename
of the script that called them, particularly as the action attribute of forms
that call back to it.
We have scripts that set the template->param script_name to their path and
filename.
What we don't have is a 1:1 match between templates and scripts, as the failure
mode in bug 37797 comment 1 shows. If you set action="[% script_name %]" when
it isn't defined, you get action="", which may work for years if every form
submitted to that script is a POST, but once someone changes one to a get,
action="" will POST to aqbudgetperiods.pl?op=delete_confirm&budget_period_id=2
and both the things in the POST body and also things in the query string will
wind up being sent to the script.
What I don't have is any good idea how to find templates using unset
script_name, short of just brute force looking at every one.
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
