https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38056

            Bug ID: 38056
           Summary: Search term after deleting an authority shouldn't be
                    URI encoded
 Change sponsored?: ---
           Product: Koha
           Version: Main
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: MARC Authority data support
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
        Depends on: 34478

Prior to the CSRF protection, deleting an authority record from search results
built up a URL for a GET, and used the uri TT filter on the value param, which
is where the search term you used to find the record gets passed to the script
for reloading afterward. That was fine (though the use of the html filter on
the other params was a bit sketchy, given that they were being stuffed into a
URL, not displayed as HTML), but when
https://git.koha-community.org/Koha-community/Koha/commit/62d9f73e9e3bfe7fbca1340c753b75c951aceaf1
switched from a GET to a form that POSTs, it retained the same escaping, so now
we have a URI encoded value being put into a form input, passed over to the
script which certainly isn't expecting that, and then stuffed back into the
search box and searched for literally: if you do an authority search for
"professional computing" and delete one of the results, the page that loads
after the deletion is a search for "professional%20computing".


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478
[Bug 34478] Full CSRF protection
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
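
An added example, not part of the bug report and not Koha's code: a Python model of the round trip the report describes, comparing what the script receives when the search term travels in a GET URL versus a POSTed form input. `uri_filter` and `html_filter` are stand-ins that approximate the Template Toolkit `uri` and `html` filters, and the URL path, form markup and helper names are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlencode, urlsplit


def uri_filter(s):
    """Approximation of the TT `uri` filter: percent-encode for a URL."""
    return quote(s, safe="")


def html_filter(s):
    """Approximation of the TT `html` filter: escape for HTML markup."""
    return html.escape(s, quote=True)


class InputReader(HTMLParser):
    """Reads <input> name/value pairs the way a browser parses them,
    i.e. with HTML entities in attribute values already decoded."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            attr = dict(attrs)
            self.fields[attr["name"]] = attr.get("value", "")


def server_sees_get(term):
    # URL context: percent-encoding is correct, the server decodes it once.
    url = "/hypothetical/search.pl?value=" + uri_filter(term)
    return parse_qs(urlsplit(url).query)["value"][0]


def server_sees_post(term, template_filter):
    # HTML attribute context: whatever the template emits becomes the value.
    markup = ('<form method="post"><input type="hidden" name="value" '
              'value="%s"></form>' % template_filter(term))
    reader = InputReader()
    reader.feed(markup)
    # The browser form-encodes the value itself; the server decodes once.
    body = urlencode(reader.fields)
    return parse_qs(body, keep_blank_values=True)["value"][0]


if __name__ == "__main__":
    term = "professional computing"  # search term from the report
    print("GET  + uri :", server_sees_get(term))
    print("POST + uri :", server_sees_post(term, uri_filter))
    print("POST + html:", server_sees_post(term, html_filter))
```
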