Bug 37523: CSRF error when modifying an existing patron record

This patch modifies the patron entry template to avoid a CSRF error when
clicking the "Edit existing record" button after a duplicate patron is
found. The operation should be GET and thus can be a link.

To test, apply the patch and go to Patrons.

- If you aren't using the default testing data you should first locate
  an existing patron record so you can refer to the details.
- Start the process of creating a new patron record.
- Use the existing patron's data to fill out the form.
  - With the default data you can use:
    - Surname: Bennett
    - First name: Pamela
    - Date of birth: 09/16/1946
    - Any random new card number
- When you click "Save" you should get a duplicate patron warning:
  "Duplicate patron record?"
  - Click "It is a duplicate. Edit existing record."
  - You should be taken to the edit form for the existing patron.

Sponsored-by: Athens County Public Libraries
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: Johanna Räisä <johanna.raisa@gmail.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Owen Leonard 2024-07-30 12:13:23 +00:00 committed by Katrin Fischer
parent e4e4953f61
commit 2f6226ad69
Signed by: kfischer
GPG key ID: 0EF6E2C03357A834

@ -144,7 +144,7 @@ legend.collapsed i.fa.fa-caret-down::before {
<div class="dialog alert">
<h3>Duplicate patron record?</h3>
<p><a class="popup_patronview" href="/cgi-bin/koha/members/moremember.pl?print=brief&amp;borrowernumber=[% check_member | uri %]"><i class="fa-solid fa-window-restore"></i> View existing record</a></p>
<button id="duplicate" type="submit" class="new"> <i class="fa-solid fa-pencil" aria-hidden="true"></i> It is a duplicate. Edit existing record </button>
<a href="/cgi-bin/koha/members/memberentry.pl?op=edit_form&borrowernumber=[% check_member | uri %]" class="btn btn-default" id="duplicate"> <i class="fa-solid fa-pencil" aria-hidden="true"></i> It is a duplicate. Edit existing record </a>
<button type="submit" id="not-duplicate" class="new"> <i class="fa fa-plus"></i> Not a duplicate. Save as new record </button>
</div>
[% END %]
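Review bot: The href on the added `<a ... id="duplicate">` line joins its query parameters with a bare `&`, while the "View existing record" link in the same dialog uses `&amp;`. Write it as `op=edit_form&amp;borrowernumber=[% check_member | uri %]` so the attribute is escaped consistently. The `uri` filter on `check_member` matches the neighbouring link and is the right one for a URL parameter.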
@ -1953,13 +1953,6 @@ legend.collapsed i.fa.fa-caret-down::before {
}
});
$('#duplicate').on('click', function() {
$("input[name='op']").val('edit_form');
$("input[name='borrowernumber']").val('[% check_member | html %]');
$("input[name='check_member']").val('');
$('#entryform').submit();
});
$('#not-duplicate').on('click', function() {
$("input[name='nodouble']").val('1');
$('#entryform').submit();
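Review bot: With the `$('#duplicate')` click handler gone, nothing submits `#entryform` on the duplicate path any more, so the values typed into the new-patron form are dropped when the link is followed. State in the commit message or test plan that this is intended, since the test plan only checks that the edit form opens. The link still carries `id="duplicate"`, which no script in the visible lines uses now; keep it only if styles or tests depend on it.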