Bug 36349: Make sure CSRF token is included for all login scenarios
To test:
1 - In KTD visit: http://localhost:8080/cgi-bin/koha/sci/sci-main.pl
2 - Everything should be set for auto self check user etc, just login as a patron
    If not (or not using KTD) setup a self check user, enable SCO and SCI, set self check patron system preferences, then login with patron
3 - 403 Error
4 - Repeat with sco: http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
5 - Apply patch, restart all
6 - Try again, both should be successful

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
parent 2169d774c1
commit 5300bcd574
1 changed files with 1 additions and 1 deletions
|
@ -208,8 +208,8 @@
|
|||
<form action="/cgi-bin/koha/sci/sci-main.pl" name="auth" id="auth" method="post" autocomplete="off">
|
||||
[% ELSE %]
|
||||
<form action="[% script_name | html %]" name="auth" id="auth" method="post" autocomplete="off">
|
||||
[% INCLUDE 'csrf-token.inc' %]
|
||||
[% END %]
|
||||
[% INCLUDE 'csrf-token.inc' %]
|
||||
<input type="hidden" name="op" value="cud-login" />
|
||||
<input type="hidden" name="koha_login_context" value="opac" />
|
||||
|
||||
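Review bot: the fix has no automated coverage and the test plan is manual only. Since the test plan shows the `cud-login` POST failing with a 403 when the token is absent, consider adding a template check that every `method="post"` form in this file contains `[% INCLUDE 'csrf-token.inc' %]`, so the hard-coded `sci-main.pl` branch cannot lose it again. Also, as rendered here the include appears both inside the `[% ELSE %]` branch and after `[% END %]`; with one addition and one deletion this should be a move, so please confirm the copy inside the ELSE branch is the removed line, otherwise the `script_name` form would emit two token fields.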