Bug 36207: (RM follow-up) CSRF correction

I think there was a rebase issue here where we split the form into two forms instead of one. This patch returns us to one form with two different submit options (one for selected tags and one per tag) that both trigger the confirmation modal before submitting to the controller. Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2024-06-11 16:13:36 +01:00 · 2024-06-11 16:13:36 +01:00 · 0ac23a6247
commit 0ac23a6247
parent 7f8e71e82b
1 changed files with 3 additions and 5 deletions
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-tags.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-tags.tt
@ -127,7 +127,9 @@
                        [% END # /add_op %]

                        [% IF ( MY_TAGS ) %]
-                            <form method="post" action="opac-tags.pl">
+                            <form id="deletetags" name="deletetags" method="post" action="opac-tags.pl">
+                                [% INCLUDE 'csrf-token.inc' %]
+                                <input type="hidden" name="op" value="cud-del" />
                                <table id="mytagst" class="table table-bordered table-striped">
                                    <caption>Your tags</caption>
                                    <thead>
@ -183,10 +185,6 @@
                                </table>
                                <input type="submit" value="Remove selected tags" class="btn btn-danger remove">
                            </form>
-                            <form id="deletetags" name="deletetags" method="post" action="/cgi-bin/koha/opac-tags.pl">
-                                [% INCLUDE 'csrf-token.inc' %]
-                                <input type="hidden" name="op" value="cud-del" />
-                            </form>
                        [% END # /MY_TAGS %]
                    </div> <!-- / .usertags -->
                </div> <!-- / .span10/12 -->