Bug 34478: Replace get with post when needed

This is what has been marked as done in "csrf_get.txt"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart 2023-08-04 10:32:17 +02:00
parent 0631153f06
commit 8e3901342a
Signed by: jonathan.druart
GPG key ID: A085E712BEF0E0F0
10 changed files with 13 additions and 13 deletions


@ -59,7 +59,7 @@
</h1>
<!-- NOTE: The order of the elements on this form is crictical to correct processing. You've been warned... -->
<form name="input" action="/cgi-bin/koha/patroncards/edit-layout.pl" method="get">
<form name="input" action="/cgi-bin/koha/patroncards/edit-layout.pl" method="post">
<div class="row">
<div class="col-sm-6">
<fieldset class="rows">
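Review bot: Switching this form to `method="post"` does not by itself block a forged request, because the protection depends on edit-layout.pl refusing the save when it arrives as GET and on the form carrying a token the script verifies. The ten file sections shown are all templates and this form's body continues past the hunk, so neither can be confirmed from here. If the form has no token yet, I would add one directly after the opening tag, for example `<input type="hidden" name="csrf_token" value="[% csrf_token | html %]" />` (field and variable names are placeholders for whatever the handler checks). The same question applies to the edit-profile.pl and edit-template.pl forms, the recall form for opac-recall.pl, and the `op=transfer` form in the opac-shelves.pl section.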


@ -57,7 +57,7 @@
<span>New printer profile</span>
[% END%]
</h1>
<form name="input" action="/cgi-bin/koha/patroncards/edit-profile.pl" method="get">
<form name="input" action="/cgi-bin/koha/patroncards/edit-profile.pl" method="post">
<fieldset class="rows"><legend>Profile settings</legend>
<ol>
<li>


@ -58,7 +58,7 @@
[% END %]
[% IF (template_id) %] ([% template_id | html %])[% END %]
</h1>
<form name="input" action="/cgi-bin/koha/patroncards/edit-template.pl" method="get">
<form name="input" action="/cgi-bin/koha/patroncards/edit-template.pl" method="post">
<div class="row">
<div class="col-sm-6">
<fieldset class="rows">


@ -43,7 +43,7 @@
You must have at least one cash register associated with the library before you can record payments.
</p>
[% IF ( CAN_user_parameters_manage_cash_registers ) %]
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="get">
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="post">
<input type="hidden" name="op" value="add_form" />
<button class="new" type="submit"><i class="fa fa-plus"></i> Create a new cash register</button>
</form>
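Review bot: This form is visible in full and contains no anti-CSRF token field, only the hidden `op=add_form` input and the submit button. Since `add_form` looks like it only opens the creation page rather than changing data, a plain GET (or a link) would be the simpler fit; if POST is kept, the form will need a token as soon as the server starts rejecting token-less POSTs. The two following sections contain the identical cash-register form and have the same gap. The `op=edit_form` forms in the opac-shelves.pl section look like the same navigation case, though their bodies run past the hunks.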


@ -40,7 +40,7 @@
You must have at least one cash register associated with the library before you can record payments.
</p>
[% IF ( CAN_user_parameters_manage_cash_registers ) %]
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="get">
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="post">
<input type="hidden" name="op" value="add_form" />
<button class="new" type="submit"><i class="fa fa-plus"></i> Create a new cash register</button>
</form>


@ -37,7 +37,7 @@
You must have at least one cash register associated with the library before you can record payments.
</p>
[% IF ( CAN_user_parameters_manage_cash_registers ) %]
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="get">
<form action="/cgi-bin/koha/admin/cash_registers.pl" method="post">
<input type="hidden" name="op" value="add_form" />
<button class="new" type="submit"><i class="fa fa-plus"></i> Create a new cash register</button>
</form>


@ -118,7 +118,7 @@
<h3 class="modal-title" id="exportModalLabel">Exporting to Dublin Core...</h3>
<button type="button" class="closebtn" data-dismiss="modal" aria-hidden="true">&times;</button>
</div>
<form method="get" action="/cgi-bin/koha/opac-export.pl">
<form method="post" action="/cgi-bin/koha/opac-export.pl">
<div class="modal-body">
<fieldset id="dc_fieldset">
<input id="input-simple" type="radio" name="format" value="rdfdc">
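Review bot: The Dublin Core export looks like a read-only download, so moving it to POST adds no CSRF protection and costs the ability to link to or reload the result without a resubmission prompt. I would keep `<form method="get" action="/cgi-bin/koha/opac-export.pl">` here and reserve POST for requests that change state. The authority search form (`op=do_search`) in the opac-authorities-home.pl section is the same case, where results that cannot be bookmarked or shared are a visible regression. Both forms continue past their hunks, so this assumes nothing further down triggers a write.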


@ -31,7 +31,7 @@
<div class="col order-first order-md-first order-lg-2">
[% END %]
<div id="userauthhome" class="maincontent">
<form name="f" action="/cgi-bin/koha/opac-authorities-home.pl" method="get">
<form name="f" action="/cgi-bin/koha/opac-authorities-home.pl" method="post">
<input type="hidden" name="op" value="do_search" />
<input type="hidden" name="type" value="opac" />
<fieldset class="rows">


@ -61,7 +61,7 @@
[% IF logged_in_user %]
<div class="dialog">
<form id="recallform" action="/cgi-bin/koha/opac-recall.pl" method="get">
<form id="recallform" action="/cgi-bin/koha/opac-recall.pl" method="post">
<fieldset class="rows" id="options">
<legend>Place a recall on <b>[% biblio.title | html %]</b> ([% biblio.author | html %])?</legend>
<ul>


@ -244,7 +244,7 @@
[% IF can_manage_shelf %]
<span class="sep">|</span>
<form method="get" action="/cgi-bin/koha/opac-shelves.pl" class="d-inline">
<form method="post" action="/cgi-bin/koha/opac-shelves.pl" class="d-inline">
<input type="hidden" name="op" value="edit_form" />
<input type="hidden" name="referer" value="view" />
<input type='hidden' name='public' value='[% shelf.public | html %]' />
@ -550,7 +550,7 @@
<a class="btn btn-link newshelf" href="/cgi-bin/koha/opac-shelves.pl?op=add_form"><i class="fa fa-fw fa-plus" aria-hidden="true"></i> New list</a>
[% IF can_manage_shelf %]
<span class="sep">|</span>
<form method="get" action="/cgi-bin/koha/opac-shelves.pl" class="d-inline">
<form method="post" action="/cgi-bin/koha/opac-shelves.pl" class="d-inline">
<input type="hidden" name="op" value="edit_form" />
<input type="hidden" name="referer" value="view" />
<input type="hidden" name="public" value="[% shelf.public | html %]" />
@ -759,7 +759,7 @@
<td>[% s.lastmodified | $KohaDates %]</td>
<td>
[% IF s.can_be_managed( loggedinusernumber ) %]
<form action="/cgi-bin/koha/opac-shelves.pl" method="get" class="d-inline">
<form action="/cgi-bin/koha/opac-shelves.pl" method="post" class="d-inline">
<input type="hidden" name="shelfnumber" value="[% s.shelfnumber | html %]" />
<input type="hidden" name="public" value="[% s.public | html %]" />
<input type="hidden" name="op" value="edit_form" />
@ -774,7 +774,7 @@
<a href="/cgi-bin/koha/opac-shareshelf.pl?op=invite&shelfnumber=[% s.shelfnumber | uri %]" class="sharelist btn btn-link"><i class="fa fa-share" aria-hidden="true"></i> Share</a>
[% END %]
[% IF s.is_shared AND s.can_be_managed( loggedinusernumber ) %]
<form action="/cgi-bin/koha/opac-shelves.pl" method="get" class="d-inline">
<form action="/cgi-bin/koha/opac-shelves.pl" method="post" class="d-inline">
<input type="hidden" name="shelfnumber" value="[% s.shelfnumber | html %]" />
<input type="hidden" name="public" value="0" />
<input type="hidden" name="op" value="transfer" />