[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Fridolin Somers changed: What|Removed |Added Resolution|--- |FIXED CC||fridolin.som...@biblibre.co ||m Status|Pushed to main |RESOLVED --- Comment #5 from Fridolin Somers --- Depends on Bug 34478 not in 23.11.x -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 --- Comment #4 from Katrin Fischer --- Pushed for 24.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Katrin Fischer changed: What|Removed |Added Version(s)||24.05.00 released in|| Status|Passed QA |Pushed to master -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Jonathan Druart changed: What|Removed |Added Attachment #165035|0 |1 is obsolete|| --- Comment #3 from Jonathan Druart --- Created attachment 165036 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=165036=edit Bug 36630: Change Post to GET to fix CSRF error on item search batch operations buttons This patch changes the form that submits to batchMod.pl from the Item search results page. The form method does not need to be a POST. To recreate: 1. Do an item search 2. On the results page 'click Select visible rows' 3. Click 'Batch operations' and select 'Batch item modification' 4. See Programming error - op 'show' must start with 'cud-' for POST http://localhost:8081/intranet/tools/batchMod.pl (referer: http://localhost:8081/cgi-bin/koha/catalogue/itemsearch.pl) 5. Click 'Batch operations' and select 'Batch item deletion' 6. See the same error To test: 1. Apply patch and repeat steps to recreate the issue 2. See that the batchMod.pl page loads with no error. Signed-off-by: David Nind Signed-off-by: Jonathan Druart -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Jonathan Druart changed: What|Removed |Added Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 David Nind changed: What|Removed |Added Attachment #165034|0 |1 is obsolete|| --- Comment #2 from David Nind --- Created attachment 165035 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=165035=edit Bug 36630: Change Post to GET to fix CSRF error on item search batch operations buttons This patch changes the form that submits to batchMod.pl from the Item search results page. The form method does not need to be a POST. To recreate: 1. Do an item search 2. On the results page 'click Select visible rows' 3. Click 'Batch operations' and select 'Batch item modification' 4. See Programming error - op 'show' must start with 'cud-' for POST http://localhost:8081/intranet/tools/batchMod.pl (referer: http://localhost:8081/cgi-bin/koha/catalogue/itemsearch.pl) 5. Click 'Batch operations' and select 'Batch item deletion' 6. See the same error To test: 1. Apply patch and repeat steps to recreate the issue 2. See that the batchMod.pl page loads with no error. Signed-off-by: David Nind -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 David Nind changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Brendan Lawlor changed: What|Removed |Added Depends on||34478 Blocks||36192 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34478 [Bug 34478] Full CSRF protection https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 [Bug 36192] [OMNIBUS] CSRF Protection for Koha -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 --- Comment #1 from Brendan Lawlor --- Created attachment 165034 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=165034=edit Bug 36630: Change Post to GET to fix CSRF error on item search batch operations buttons This patch changes the form that submits to batchMod.pl from the Item search results page. The form method does not need to be a POST. To recreate: 1. Do an item search 2. On the results page 'click Select visible rows' 3. Click 'Batch operations' and select 'Batch item modification' 4. See Programming error - op 'show' must start with 'cud-' for POST http://localhost:8081/intranet/tools/batchMod.pl (referer: http://localhost:8081/cgi-bin/koha/catalogue/itemsearch.pl) 5. Click 'Batch operations' and select 'Batch item deletion' 6. See the same error To test: 1. Apply patch and repeat steps to recreate the issue 2. See that the batchMod.pl page loads with no error. -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Brendan Lawlor changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36630] Item search batch operations buttons broken by CRSF
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36630 Brendan Lawlor changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |blaw...@clamsnet.org |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
