Bug 37769: Fix forms that POST without an op in currency administration
We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. This patch changes the form around the OK button when you are told you can't delete a currency which is in use, and the No, do not delete button when you could delete a currency and decide not to, from a POST to a GET because all they need to do is show the list of currencies again. The only visible change from the patch is that the URL will end with a "?" from having done a GET without any params. Someone who wants to decide which of our link-as-cancel-button styles to use is welcome to switch them to links, in a bug not blocking an RM_priority bug. Test plan: 1. No changes to see, so apply the patch first 2. Administration - Currencies and exchange rates 3. You need one currency in use and one not in use. Luckily, ktd gave you USD for in use, and GBP for not in use. For USD, click the Deleete button 4. On the page telling you that you can't delete it because it's in use, click the OK button and verify that you are back at the list of currencies 5. Click the Delete button for GBP, then the No, do not delete button 6. Verify that you are back at the list of currencies Sponsored-by: Chetco Community Public Library Signed-off-by: Sukhmandeep Benipal <sukhmandeep.benipal@inLibro.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
parent
e03aecfd50
commit
81bc750e00
1 changed files with 2 additions and 4 deletions
|
@ -180,8 +180,7 @@
|
||||||
[% END %]
|
[% END %]
|
||||||
<span>Deletion not possible</span>
|
<span>Deletion not possible</span>
|
||||||
</p>
|
</p>
|
||||||
<form action="/cgi-bin/koha/admin/currency.pl" method="post">
|
<form action="/cgi-bin/koha/admin/currency.pl" method="get">
|
||||||
[% INCLUDE 'csrf-token.inc' %]
|
|
||||||
<button type="submit" class="btn btn-default approve"><i class="fa fa-fw fa-check"></i> OK</button>
|
<button type="submit" class="btn btn-default approve"><i class="fa fa-fw fa-check"></i> OK</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
@ -202,8 +201,7 @@
|
||||||
<input type="hidden" name="currency_code" value="[% currency.currency | html %]" />
|
<input type="hidden" name="currency_code" value="[% currency.currency | html %]" />
|
||||||
<button type="submit" class="btn btn-default approve"><i class="fa fa-fw fa-check"></i> Yes, delete this currency</button>
|
<button type="submit" class="btn btn-default approve"><i class="fa fa-fw fa-check"></i> Yes, delete this currency</button>
|
||||||
</form>
|
</form>
|
||||||
<form action="/cgi-bin/koha/admin/currency.pl" method="post">
|
<form action="/cgi-bin/koha/admin/currency.pl" method="get">
|
||||||
[% INCLUDE 'csrf-token.inc' %]
|
|
||||||
<button type="submit" class="btn btn-default deny"><i class="fa fa-fw fa-times"></i> No, do not delete</button>
|
<button type="submit" class="btn btn-default deny"><i class="fa fa-fw fa-times"></i> No, do not delete</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in a new issue