https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37914
Bug ID: 37914
Summary: Forms for budget planning filters and export should
GET rather than POST
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P3
Component: Acquisitions
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Depends on: 36192
Blocks: 37728
Because of the bug 36192 CSRF protection, we intend not to have forms that POST
without a param named 'op' with a value starting with 'cud-'. Because of bug
37728, a few were missed, including the 'Filters' form that lets you switch
between planning budgets by month or by itemtype or by library, and the
'Export' form that lets you save your planning as a .csv file. Neither one has
any need to POST, they can just be the GET they naturally are.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37728
[Bug 37728] More "op" are missing in POSTed forms
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
