The "list" step (previewing records to be modified) is a post operation
so the op must be cud-list.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch adds some CSS for handling the style of form buttons inside
Bootstrap dropdowns and corrects related markup in two places: Authority
search results and Suggestion management.
Buttons should look correct if we avoid using <fieldset> inside
dropdowns and make sure the button has "btn btn-default" classes.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Use of uninitialized value $op in string eq at /kohadevbox/koha/members/memberentry.pl line 86.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] Manual fix - Make Koha::Token use session id not userenv id
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The numbering patterns script has been update to look for "cud-modify"
to load the edit form, but that's a GET operation and can stay "modify."
The delete buttons have been updated to be a POSTed form.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Delete" button on the comments moderation page
to convert the GET link to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Remove" button from items which are in a
rotating collection (in the "Manage items" stage). A GET link is
converted to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the patron file template to convert the "Delete"
link to a form which includes the CSRF token. The script has already
been modified to check for the "op" value updated in the template.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delivery delete buttons to a form and changes
the corresponding op check in the script.
The patch also fixes an error in the form markup and corrects the op
parameter name in several links.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The op value is set in the JavaScript, where it hasn't been updated to
match the "cud-delete" value checked in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes two changes: The first changes the name of the op value
matched in the script when editing a set. The "mod" step is a GET
operation to load the edit form.
The second change is a workaround for the fact that a submit
button looks bad in a Bootstrap dropdown. The patch creates a hidden
form for deletion operations. Clicking a "delete" link in a dropdown
fills the hidden form with the OAI set id to be deleted and submits it.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
"delete_confirm" is a GET operation leading to a confirmation page,
where "cud-delete_confirmed" should submit a POST to delete.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete link on the item search field page to a
form with a POST operation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The AJAX call in the template still used "action" instead of
"op".
The patch also fixes references to "action" in the POD and corrects
"toggle" to "cud-toggle".
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I also move the writeoff handling out of it's own block in into the rest
of the x_individual handling.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The "action" hidden field was renamed to "op", but "action" was still
being looked for in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Too much changes needed. Main functionality works again.
Some improvements can still be made.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete links on the classification
configuration page for sources, filing rules, and splitting rules to
POST forms.
A couple of op checks in the script are corrected to match.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On the cities administration page, the delete button is a GET operation
to a second form for confirmation.
This script should be checking for op=delete_confirm, not
cud-delete_confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From the list of a tag's subfields (e.g.
/cgi-bin/koha/admin/auth_subfields_structure.pl?tagfield=245&frameworkcode=)
the delete button is a GET operation to a second form for confirmation.
This script should be checking for op=delete_confirm, not cud-delete-confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From the list of a tag's subfields (e.g.
/cgi-bin/koha/admin/marc_subfields_structure.pl?tagfield=245&frameworkcode=)
the delete button is a GET operation to a second form for confirmation.
This script should be checking for op=delete_confirm, not
cud-delete-confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The pay to paycollect post/redirect flow here doesn't actually
consistute a state change, however it's much simpler to add the csrf
token check flow here than to refactor the code to a get (url's quickly
grow too large for a GET) or rework it in other ways. I opted to do
this for now and work on a refactor at a future date.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>