From 0677cf51020baea8a23c682dde8d090ef16a8242 Mon Sep 17 00:00:00 2001 From: Phil Ringnalda Date: Thu, 29 Aug 2024 16:51:27 -0700 Subject: [PATCH] Bug 37766: Fix forms that POST without an op in MARC bibliographic frameworks We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. In MARC bibliographic frameworks, that's the tag search form, which should be a GET so the URL includes what you searched for and you can bookmark it or link to the search, and the cancel "No, do not delete" button in the page to confirm deleting a subfield, which should also be a GET to take you back to the page where you were, which was ?tagfield=903&frameworkcode=VR when you clicked Delete. Test plan: 1. No visible change in behavior (only the URL), so start with the patch applied 2. Administration - MARC bibliographic framework - choose one other than Default, since the "&framework=" of Default could be confused with a failure to get the code in there - Actions - MARC structure 3. Type any three digit number higher than 009 (you want something with subfields) in the Search for tag input and hit Enter 4. Verify that your URL has the searchfield and frameworkcode correct and that number or next highest number tag is displayed first 5. Change the In framework select menu to another non-Default framework and click search, and verify that the URL change to that frameworkcode, and that framework is displayed 6. Toggle the Display only used tags/subfields checkbox, search for a different tag, and verify that the state of the checkbox persists as you do more searches 7. On any other listed tag - Actions - View subfields 8. For any displayed subfield click Delete 9. In the confirmation page click No, do not delete 10. Verify that the page you return to has the correct tagfield and frameworkcode for the tag you chose Sponsored-by: Chetco Community Public Library Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer --- .../prog/en/modules/admin/marc_subfields_structure.tt | 4 +--- .../intranet-tmpl/prog/en/modules/admin/marctagstructure.tt | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt index 617a66963b..1e0c80eb5c 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt @@ -330,10 +330,8 @@ -
- [% INCLUDE 'csrf-token.inc' %] + -
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marctagstructure.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marctagstructure.tt index df5d4ce9b6..03e125b3f6 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marctagstructure.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/marctagstructure.tt @@ -214,8 +214,7 @@ [% IF ( else ) %] -
- [% INCLUDE 'csrf-token.inc' %] +