Bug 37785: Remove dead code in tools/letter.tt that looks like a form that would POST without an op
We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.
The two in tools/letter.tt are blocks of never-used code which would display
a message confirming that you saved a notice, or that a notice was deleted
after you confirmed that you wanted to delete it, but neither one has ever
been executed. Now, the names of the ops don't match, because they are
cud-add_validate etc. and would have to explicitly set a param for
add_validate, but even before the CSRF change to cud- ops, they explicitly
unset their $op so that as they say "# we return to the default screen for
the next operation". Prior to that, they just did
"print $input->redirect("letter.pl");"
No test plan is possible, since this code has never once done anything.
Sponsored-by: Chetco Community Public Library
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
Phil Ringnalda
parent
e0014aeaac
commit
397e06ccd7
GPG key ID:
0EF6E2C03357A834
1 changed files with 0 additions and 16 deletions
|
|
@ -549,14 +549,6 @@
|
||||||
</form> <!-- /#add_notice -->
|
</form> <!-- /#add_notice -->
|
||||||
[% END # /IF add_form %]
|
[% END # /IF add_form %]
|
||||||
|
|
||||||
[% IF ( add_validate or copy_validate) %]
|
|
||||||
Data recorded
|
|
||||||
<form action="[% action | html %]" method="post">
|
|
||||||
[% INCLUDE 'csrf-token.inc' %]
|
|
||||||
<input type="submit" class="btn btn-primary" value="OK" />
|
|
||||||
</form>
|
|
||||||
[% END %]
|
|
||||||
|
|
||||||
[% IF ( delete_confirm ) %]
|
[% IF ( delete_confirm ) %]
|
||||||
<div class="alert alert-warning">
|
<div class="alert alert-warning">
|
||||||
<h1>Delete notice?</h1>
|
<h1>Delete notice?</h1>
|
||||||
|
|
@ -591,14 +583,6 @@
|
||||||
</div>
|
</div>
|
||||||
[% END # /IF delete_confirm %]
|
[% END # /IF delete_confirm %]
|
||||||
|
|
||||||
[% IF ( delete_confirmed ) %]
|
|
||||||
<span>Data deleted</span>
|
|
||||||
<form action="[% action | html %]" method="post">
|
|
||||||
[% INCLUDE 'csrf-token.inc' %]
|
|
||||||
<input type="submit" class="btn btn-primary" value="OK" />
|
|
||||||
</form>
|
|
||||||
[% END %]
|
|
||||||
|
|
||||||
[% IF add_form or copy_form %]
|
[% IF add_form or copy_form %]
|
||||||
</div> <!-- /.col-md-8 -->
|
</div> <!-- /.col-md-8 -->
|
||||||
</div> <!-- /.row -->
|
</div> <!-- /.row -->
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue