https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38413
Phil Ringnalda <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|enhancement |major Status|NEW |CONFIRMED CC| |[email protected] Depends on| |36630 --- Comment #1 from Phil Ringnalda <[email protected]> --- That's because bug 36630 changed it from a POST to a GET, which runs the risk of exceeding the maximum URL length. It was fooled into making the wrong change in the wrong place by a dummy op. The way both batch modification and batch deletion work in item search is by completely emptying out the content of the form with id="batch_item_operations", sticking in an op and inputs for every selected item, and submitting that. The bulk CSRF-proctection changes were fooled by the dummy initial content of the form, so they changed the op from show to cud-show and added a CSRF token, but the JavaScript that actually prepares and submits the form just went right along deleting all of that, then adding back op="show" and not adding a CSRF token. The fix is to reverse the changes bug 36630 made so the form goes back to a POST, stick in an HTML comment above the dummy contents saying that they are dummy contents that will be replaced by JavaScript, and then change the op in https://git.koha-community.org/Koha-community/Koha/src/commit/c10c244a289b2c1968b52d8158cedff4feae5e0e/koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/itemsearch.tt#L785 to cud-show and add a CSRF token input. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 [Bug 36630] Item search batch operations buttons broken by CSRF -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
