Bug 34650: Remove unnecessary CSRF check on edit_form
The op "edit_form" doesn't change state. It just renders the edit
form. Therefore, it doesn't need a CSRF token/check.
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit caf962fbaa)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
parent
1d23e46f8c
commit
e81e765d7d
2 changed files with 0 additions and 2 deletions
|
@ -39,7 +39,6 @@
|
||||||
[%~ public = public | html ~%]
|
[%~ public = public | html ~%]
|
||||||
[%~ IF can_manage_shelf ~%]
|
[%~ IF can_manage_shelf ~%]
|
||||||
[%~ action_block = '<form action="shelves.pl" method="get">' ~%]
|
[%~ action_block = '<form action="shelves.pl" method="get">' ~%]
|
||||||
[%~ action_block = BLOCK ~%][%~ action_block | $raw ~%][%~ INCLUDE 'csrf-token.inc' | trim ~%][%~ END ~%]
|
|
||||||
[%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber _ '" />' ~%]
|
[%~ action_block = action_block _ '<input type="hidden" name="shelfnumber" value="' _ shelfnumber _ '" />' ~%]
|
||||||
[%~ action_block = action_block _ '<input type="hidden" name="op" value="edit_form" />' ~%]
|
[%~ action_block = action_block _ '<input type="hidden" name="op" value="edit_form" />' ~%]
|
||||||
[%~ action_block = action_block _ '<input type="hidden" name="public" value="' _ public _ '" />' ~%]
|
[%~ action_block = action_block _ '<input type="hidden" name="public" value="' _ public _ '" />' ~%]
|
||||||
|
|
|
@ -64,7 +64,6 @@ if ( $op eq 'add_form' ) {
|
||||||
# Only pass default
|
# Only pass default
|
||||||
$shelf = { allow_change_from_owner => 1 };
|
$shelf = { allow_change_from_owner => 1 };
|
||||||
} elsif ( $op eq 'edit_form' ) {
|
} elsif ( $op eq 'edit_form' ) {
|
||||||
output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' });
|
|
||||||
$shelfnumber = $query->param('shelfnumber');
|
$shelfnumber = $query->param('shelfnumber');
|
||||||
$shelf = Koha::Virtualshelves->find($shelfnumber);
|
$shelf = Koha::Virtualshelves->find($shelfnumber);
|
||||||
|
|
||||||
|
|