https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39055
--- Comment #6 from David Cook <[email protected]> --- (In reply to Jonathan Druart from comment #4) > Owen reported the same problem on suggestion/suggestion.pl > > I am stuck here, what I am trying to do won't work as we don't sent back the > modified CGI object to the controller. > > Any ideas, David? Yeah, that's an interesting one. A lot of other apps have /login* endpoints which may or may not redirect back to a sanitized referrer. That would be easy to handle. But Koha has always allowed login on any page, which has its pros and cons... The simplest option would probably be change the login not to use the "op" parameter. We could change it to "login_op". We would need to update Koha/Middleware/CSRF.pm to handle this special case because a login POST could contain an "op" without a "cud-" prefix. Alternatively, we could try to hack the inputs to stuff the query string params back in via a Plack::Middleware or through C4/Auth.pm but I don't like that idea as it's dirty/hacky. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
