Bug 34650: Remove unnecessary CSRF check on edit_form

The op "edit_form" doesn't change state. It just renders the edit
form. Therefore, it doesn't need a CSRF token/check.

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook 2023-08-30 00:07:23 +00:00 committed by Tomas Cohen Arazi
parent 7cab415f0b
commit caf962fbaa
Signed by: tomascohen
GPG key ID: 0A272EA1B2F3C15F
2 changed files with 0 additions and 2 deletions

@ -39,7 +39,6 @@
[%~ public = public | html ~%]
[%~ IF can_manage_shelf ~%]
[%~ action_block = '<form action="shelves.pl" method="get">' ~%]
[%~ action_block = BLOCK ~%][%~ action_block | $raw ~%][%~ INCLUDE 'csrf-token.inc' | trim ~%][%~ END ~%]
[%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber _ '" />' ~%]
[%~ action_block = action_block _ '<input type="hidden" name="op" value="edit_form" />' ~%]
[%~ action_block = action_block _ '<input type="hidden" name="public" value="' _ public _ '" />' ~%]
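
Review bot: The commit message justifies dropping the `INCLUDE 'csrf-token.inc'` line only by edit_form being read-only, but the form opened two lines above is `method="get"`, so anything that include emitted inside the form was being submitted in the query string of shelves.pl, where it can land in access logs, browser history and Referer headers. That is a stronger reason for the removal and is worth recording in the message. It would also help to check whether any other `method="get"` action block in this template still pulls in the include.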

@ -64,7 +64,6 @@ if ( $op eq 'add_form' ) {
# Only pass default
$shelf = { allow_change_from_owner => 1 };
} elsif ( $op eq 'edit_form' ) {
output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' });
$shelfnumber = $query->param('shelfnumber');
$shelf = Koha::Virtualshelves->find($shelfnumber);
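
Review bot: With the `check => 'csrf_token'` call gone from the `elsif ( $op eq 'edit_form' )` branch, the first thing the branch does is load a shelf from the request-supplied `shelfnumber`, and the hunk ends before showing what guards that object. Please confirm that the code following `Koha::Virtualshelves->find($shelfnumber)` still handles a missing shelf and verifies the user may manage it, and that the op which actually saves the edited shelf keeps its CSRF check. A short comment in this branch noting that it only renders the form and must stay free of state changes would keep a later change from adding a write here without restoring the check.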