Bug 36349: Make sure CSRF token is included for all login scenarios

To test:
1 - In KTD visit:
    http://localhost:8080/cgi-bin/koha/sci/sci-main.pl
2 - Everything should be set for auto self check user etc, just login
    as a patron
    If not (or not using KTD) set up a self check user, enable SCO and
    SCI, set self check patron system preferences, then login with
    patron
3 - 403 Error
4 - Repeat with sco:
    http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
5 - Apply patch, restart all
6 - Try again, both should be successful

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Nick Clemens 2024-03-18 16:27:58 +00:00 committed by Katrin Fischer
parent 2169d774c1
commit 5300bcd574
Signed by: kfischer
GPG key ID: 0EF6E2C03357A834


@ -208,8 +208,8 @@
<form action="/cgi-bin/koha/sci/sci-main.pl" name="auth" id="auth" method="post" autocomplete="off">
[% ELSE %]
<form action="[% script_name | html %]" name="auth" id="auth" method="post" autocomplete="off">
[% INCLUDE 'csrf-token.inc' %]
[% END %]
[% INCLUDE 'csrf-token.inc' %]
<input type="hidden" name="op" value="cud-login" />
<input type="hidden" name="koha_login_context" value="opac" />
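Review bot: the `[% INCLUDE 'csrf-token.inc' %]` after `[% END %]` only works because every branch above it opens its own `<form ... method="post">`, and nothing in the template says so. The sci-main.pl branch hardcodes its form tag separately from the `[% script_name | html %]` one, which is how a branch ended up without the token in the first place. Consider emitting a single form tag with the action chosen in the conditional, or at least a template comment that the include must stay outside the IF/ELSE, so that a future branch cannot reintroduce the 403. As rendered here the include appears both inside the ELSE branch and after the END; please confirm that only the one after `[% END %]` remains, otherwise the ELSE form submits the token field twice. The test plan is manual, so a regression test that submits the login form for both sci-main.pl and sco-main.pl and checks that the POST is accepted would be worth adding.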