subject:"\[Koha\-bugs\] \[Bug 34478\] Full CSRF protection"

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-05-22 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Fridolin Somers  changed:

   What|Removed |Added

 Blocks||36877


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36877
[Bug 36877] Patron card creator does not work when editing layout, profile or
template
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-05-16 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Owen Leonard  changed:

   What|Removed |Added

 Blocks||36883


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36883
[Bug 36883] Can't finish club enrollment in the OPAC
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-05-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Victor Grousset/tuxayo  changed:

   What|Removed |Added

 Blocks||36863

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-05-13 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Owen Leonard  changed:

   What|Removed |Added

 Blocks||36838


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36838
[Bug 36838] Can't approve or reject tags in the staff interface
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-24 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

 Blocks||36683

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-17 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Brendan Lawlor  changed:

   What|Removed |Added

 Blocks||36630


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630
[Bug 36630] Item search batch operations buttons broken by CRSF
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-17 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Fridolin Somers  changed:

   What|Removed |Added

 Blocks||36368


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36368
[Bug 36368] Cannot save new patron after error
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-17 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Fridolin Somers  changed:

   What|Removed |Added

 Blocks||36351


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36351
[Bug 36351] CSRF Adjustments for Cataloguing editor
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Victor Grousset/tuxayo  changed:

   What|Removed |Added

 Blocks||36577


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36577
[Bug 36577] (bug 34478 follow-up) marc21_linking_section.pl not working
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-04-10 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Emily Lamancusa  changed:

   What|Removed |Added

 Blocks||36568


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36568
[Bug 36568] Changing rows per page on a custom report is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-26 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #194 from David Cook  ---
(In reply to David Cook from comment #185)
> Although as I say that I'm finding more changes that need to be backported
> to really support this... heh...

Like koha-tmpl/intranet-tmpl/prog/js/file-upload.js uses XMLHttpRequest
directly and doesn't do AJAX calls via jQuery.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-25 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Fridolin Somers  changed:

   What|Removed |Added

 Blocks||36326


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36326
[Bug 36326] Batch deletion of selected items from detail page is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-25 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Fridolin Somers  changed:

   What|Removed |Added

 Blocks||36336


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36336
[Bug 36336] Exporting records from detail page is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-21 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Tomás Cohen Arazi  changed:

   What|Removed |Added

 Blocks||36384


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36384
[Bug 36384] 'Used saved' typo in guided reports
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Nick Clemens  changed:

   What|Removed |Added

 Blocks||36349


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349
[Bug 36349] Login for SCO/SCI broken  by CSRF
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-18 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Katrin Fischer  changed:

   What|Removed |Added

 Blocks||36274


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36274
[Bug 36274] OPAC suggestions form doesn't display
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #193 from Jonathan Druart  ---
*** Bug 30502 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Jonathan Druart  changed:

   What|Removed |Added

 CC||anuragme...@gmail.com

--- Comment #192 from Jonathan Druart  ---
*** Bug 23238 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #191 from Jonathan Druart  ---
*** Bug 34111 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #190 from Jonathan Druart  ---
*** Bug 23060 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #189 from Jonathan Druart  ---
*** Bug 22314 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Jonathan Druart  changed:

   What|Removed |Added

 CC||amitddng...@gmail.com

--- Comment #188 from Jonathan Druart  ---
*** Bug 19645 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-14 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #187 from Jonathan Druart  ---
*** Bug 35677 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-13 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

David Cook  changed:

   What|Removed |Added

 Blocks||36195


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36195
[Bug 36195] CSRF - testing reports
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-13 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

David Cook  changed:

   What|Removed |Added

 Blocks||36193


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36193
[Bug 36193] CSRF - Code review missed
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-12 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #186 from Fridolin Somers  ---
OK thanks for your comments.
For the moment no backport

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #185 from David Cook  ---
(In reply to David Cook from comment #184)
> (In reply to David Cook from comment #183)
> > However, I have been thinking a bit about how to provide some protection to
> > stable branches. 
> 
> I think my abbreviated anti-CSRF plus bug 33259 (when it's ready) would be
> an OK compromise for stable branches.

Although as I say that I'm finding more changes that need to be backported to
really support this... heh...

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #184 from David Cook  ---
(In reply to David Cook from comment #183)
> However, I have been thinking a bit about how to provide some protection to
> stable branches. 

I think my abbreviated anti-CSRF plus bug 33259 (when it's ready) would be an
OK compromise for stable branches.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #183 from David Cook  ---
(In reply to Fridolin Somers from comment #182)
> Not for backport I bet ?

I don't think that it would be possible to backport this one.

However, I have been thinking a bit about how to provide some protection to
stable branches. 

Locally, I've applied the following:
- Bug 36098 (the Koha::Session patches)
- Bug 34755: Backport Koha::Token change from bug 34478
- Bug 34478: Add csrf-token in meta

I've created a middleware based off Koha::Middleware::CSRF and then using a mix
of ideas from Marcel and myself, I've used Javascript to inject CSRF tokens
into forms and Koha API calls.

At the moment, I'm testing this on the OPAC, and then I'm going to look at the
Staff Interface.

I want to do some more thinking about how we can use "Strict" in the SameSite
attribute for the CGISESSID cookie to cover off CSRF for GET requests as well.
Less of a problem for 34478 because it fixes a lot of stateful GET requests,
but for older versions...

--

Long story short... it might be worth backporting just "Bug 34478: Add
csrf-token in meta" for now. Maybe a new bug report for that?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

--- Comment #182 from Fridolin Somers  ---
Not for backport I bet ?

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478
Bug 34478 depends on bug 36019, which changed state.

Bug 36019 Summary: Dead code in tags/review
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36019

   What|Removed |Added

 Status|Pushed to master|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-11 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478
Bug 34478 depends on bug 36017, which changed state.

Bug 36017 Summary: Dead code in admin/clone-rules
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36017

   What|Removed |Added

 Status|Pushed to master|RESOLVED
 Resolution|--- |FIXED

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Victor Grousset/tuxayo  changed:

   What|Removed |Added

 Blocks||36280


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36280
[Bug 36280] Viewing batch of staged records broken: CSRF token error
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=36273

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Martin Renvoize  changed:

   What|Removed |Added

 Blocks|36245   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36245
[Bug 36245] ILL - Custom backend form action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Martin Renvoize  changed:

   What|Removed |Added

 Blocks||36245


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36245
[Bug 36245] ILL - Custom backend form action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Martin Renvoize  changed:

   What|Removed |Added

 Blocks|36245   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36245
[Bug 36245] ILL - Custom backend form action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-07 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Martin Renvoize  changed:

   What|Removed |Added

 Blocks|36249   |


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36249
[Bug 36249] ILL - "Request from partners" action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-06 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

 Blocks||36249


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36249
[Bug 36249] ILL - "Request from partners" action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-06 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

 Blocks||36245


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36245
[Bug 36245] ILL - Custom backend form action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-06 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

 Blocks||36243


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36243
[Bug 36243] ILL "Edit request" action is broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-06 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Pedro Amorim  changed:

   What|Removed |Added

 Blocks||36241


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36241
[Bug 36241] ILL Batches are broken
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-05 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Lucas Gass  changed:

   What|Removed |Added

 Blocks||36237


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36237
[Bug 36237] Improve set-library UI after 34478
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-04 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Jonathan Druart  changed:

   What|Removed |Added

 Blocks||36219


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36219
[Bug 36219] State parameter broken for OIDC/Oauth
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-01 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Jonathan Druart  changed:

   What|Removed |Added

 Status|Passed QA   |Pushed to master

--- Comment #181 from Jonathan Druart  ---
Pushed to master for 24.05.00.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 34478] Full CSRF protection

2024-03-01 Thread bugzilla-daemon--- via Koha-bugs

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478

Jonathan Druart  changed:

   What|Removed |Added

 Status|ASSIGNED|Passed QA
  Group|Koha security   |
Product|Koha security   |Koha
 Version(s)||24.05.00
released in||
  Component|Koha|Architecture, internals,
   ||and plumbing
 QA Contact||testo...@bugs.koha-communit
   ||y.org

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

46 matches

Mail list logo