https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40625
Laura Escamilla <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #185404|0                           |1
        is obsolete|                            |

--- Comment #3 from Laura Escamilla <[email protected]> ---
Created attachment 186892
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=186892&action=edit
Bug 40625: Fix duplicate cashup records via POST/REDIRECT/GET pattern

This works great! Thank you, Martin. QA tool is also happy!

The cashup functionality on both /pos/register.pl and /pos/registers.pl pages
was using GET requests via anchor tags, which could cause duplicate cashup
records when users refreshed the page after performing a cashup.

This patch implements proper POST/REDIRECT/GET pattern with CSRF protection:

1. Convert anchor tag buttons to proper HTML forms with submit buttons
2. Add CSRF token protection to all cashup operations
3. Change operation from 'cashup' to 'cud-cashup' for CSRF compliance
4. Implement redirects after successful cashup operations to prevent resubmission
5. Update JavaScript to populate form fields instead of href attributes

This ensures cashup operations follow HTTP semantics properly (POST for state
changes) and prevents duplicate submissions while maintaining the existing
user experience.

Test plan:
1. Apply patch and restart services
2. Go to Point of Sale > Cash registers
3. Click "Record cashup" on any register - should open modal
4. Click "Confirm" - should perform cashup and reload page
5. Refresh the page - should NOT create duplicate cashup record
6. Go to Point of Sale > Register for individual register
7. Click "Record cashup" - should open modal
8. Click "Confirm" - should perform cashup and reload page
9. Refresh the page - should NOT create duplicate cashup record
10. On registers page, try "Cashup all" button - should work correctly
11. Verify all existing functionality (modals, summaries) still works
12. Check browser developer tools - all requests should be POST for cashup operations

Signed-off-by: Owen Leonard <[email protected]>
Signed-off-by: Laura_Escamilla <[email protected]>
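
The POST/REDIRECT/GET flow with a CSRF check that the commit message describes, as an added Python example that is not Koha's code and not part of the patch. The handler name `handle`, the `registerid` and `csrf_token` field names, and the in-memory session and cashup store are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the session and the cashup table.
session = {"csrf_token": secrets.token_hex(16)}
cashups = []


def handle(method, params):
    """Return (status, headers) for a request to a hypothetical register page."""
    if params.get("op") != "cud-cashup":
        # Plain page view: it never writes, so refreshing it is harmless.
        return 200, {}

    # State-changing operation: refuse anything that is not a POST, so an
    # anchor link or a refreshed GET URL can no longer record a cashup.
    if method != "POST":
        return 405, {"Allow": "POST"}

    # CSRF check: the submitted token must match the session's token.
    sent = params.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, session["csrf_token"].encode()):
        return 403, {}

    register = params.get("registerid")
    if not register:
        return 400, {}

    cashups.append(register)
    # Redirect after the write: the browser follows with a GET, so the last
    # request in its history is the view and a refresh repeats only the view.
    return 303, {"Location": "/pos/register.pl?registerid=" + register}


if __name__ == "__main__":
    form = {"op": "cud-cashup", "registerid": "1",
            "csrf_token": session["csrf_token"]}
    print(handle("GET", form))                  # old anchor-style request
    print(handle("POST", form))                 # form submit
    print(handle("GET", {"registerid": "1"}))   # redirect target, then refresh
    print(handle("GET", {"registerid": "1"}))
    print(cashups)
```
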
