https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37961
Bug ID: 37961
Summary: Inventory followup fails by POSTing without an op or
csrf_token
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Keywords: regression, rel_24_05_candidate
Severity: major
Priority: P1 - high
Component: Tools
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Depends on: 36192
After you upload a file or textarea of barcodes to inventory, the next step is
a list of the things that were missing, with checkboxes to check when you find
them, and buttons to Mark seen, which send a POST to
/cgi-bin/koha/tools/ajax-inventory.pl without an op param (since it doesn't
have an $op) and without a csrf_token, so the POST fails with a 403.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
[Bug 36192] [OMNIBUS] CSRF Protection for Koha
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
