b13c971ee7
Bug 34478: op =~ ^cud- in pl/pm - Manual preferences.pl
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:30 +01:00
366d8cafcb
Bug 34478: Add method="get" to forms without method
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:29 +01:00
9742566b54
Bug 34478: Remove duplicated form in virtualshelves/downloadshelf.tt
...
Just... don't ask... It's there since 2010
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:28 +01:00
2fed3f5b79
Bug 34478: Manual fix - label-edit-profile (cud-save)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:27 +01:00
8cff9b57dd
Bug 34478: Manual fix - label-edit-template (cud-save)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:27 +01:00
b3c46d527b
Bug 34478: Manual fix - label-edit-layout (cud-save)
...
Also updated 'cud-edit' in the controller back to 'edit' as it's a 'get'
request to display the form.. i.e. read not create, write or update.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:26 +01:00
e6a59baa82
Bug 34478: Manual fix - subscription-nuberpatterns (cud-del)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:25 +01:00
f31b3367da
Bug 34478: Manual fix - subscription-frequencies (cud-del)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:24 +01:00
d4a1c1e51f
Bug 34478: Manual fix - parcels.pl (cud-confirm cud-new)
...
Bug 34478: [TO SQUASH] Manual fix - parcels.pl (cud-confirm cud-new)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:23 +01:00
acee057c4c
Bug 34478: Manual fix - edi_ean (cud-ediorder)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:22 +01:00
ed70fdc2a8
Bug 34478: Manual fix - basketgroups
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:22 +01:00
fec3a9c231
Bug 34478: Manual fix - account refund - Add op param to forms
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:21 +01:00
beec6ef5df
Bug 34478: Manual fix - delete baskets - Add csrf include
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:20 +01:00
a89d4576b1
Bug 34478: Manual fix - delete baskets
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:19 +01:00
f99d7a76e3
Bug 34478: Manual fix - account line discount
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:18 +01:00
399885aaca
Bug 34478: Manual fix - account refund
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:17 +01:00
1a98ef7584
Bug 34478: Manual fix - account payout
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:16 +01:00
918fbc24f7
Bug 34478: Display programming errors in case plack.psgi caught something suspicious
...
It will help developpers to debug the problematic places.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:16 +01:00
1f081b86b6
Bug 34478: Manual fix - duplicate_orders (cud-select)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:15 +01:00
576f0c29b2
Bug 34478: Manual fix - preferences
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:14 +01:00
b92e9a2115
Bug 34478: Manual fix - memberentry (modify)
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:13 +01:00
1ea77fbd19
Bug 34478: Manual fix - batchMod
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:12 +01:00
18e808240f
Bug 34478: op =~ ^cud- in pl/pm
...
This is the result of
bash op_must_start_with_cud-perl.sh
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:11 +01:00
11d371a620
Bug 34478: Manual fix - additem
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:10 +01:00
93e717ac31
Bug 34478: Manual fix - opac-suggestions
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:10 +01:00
d320e6fe27
Bug 34478: Replace POST with GET when needed - add_form
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:09 +01:00
8a39b582f1
Bug 34478: Adjust selenium tests
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:08 +01:00
21f5c30920
Bug 34478: Add missing csrf-token.inc for opac
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:07 +01:00
69fd7c026d
Bug 34478: op =~ ^cud- everywhere
...
This is the result of
perl op_must_start_with_cud.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:06 +01:00
4e1372b77c
Bug 34478: op =~ ^cud-
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:05 +01:00
bf9830d354
Bug 34478: op-cud - Trick CGI directly
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:04 +01:00
c8384299f7
Bug 34478: op-cud - Rename op with op-cud in templates
...
This is the result of
perl rename_op_with_op-cud.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:03 +01:00
77e3b58eee
Bug 34478: op-cud - Adjust C4::Auth code
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:02 +01:00
348dbb1594
Bug 34478: Move C4::Auth check
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:02 +01:00
314fe71ff8
Bug 34478: Remove check_csrf from pl files
...
We should no longer need to check CSRF token from pl files
TODO - there is a change for some files where we returned 403
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:01 +01:00
a0dcce9ce1
Bug 34478: Check CSRF in get_template_and_user
...
Not sure this is the right place in get_template_and_user
Will have to test login and 2FA
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:56:00 +01:00
4ed5bf19a7
Bug 34478: Add 'op' to opac-passwd
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:59 +01:00
bb69578db0
Bug 34478: Add 'op' to opac-user.tt
...
Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt
Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:58 +01:00
a3c0c92508
Bug 34478: Add missing CSRF token to POST forms
...
This is the result of
% perl csrf_add_missing_csrf.pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:57 +01:00
7e7159bf58
Bug 34478: Remove generate_csrf from pl
...
We do not longer need to generate_csrf from pl files
TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted
Bug 34478: [TO SQUASH] Remove generate_csrf from pl
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:56 +01:00
8596861127
Bug 34478: Replace csrf_token input with include file - manual
...
A couple of left not caught by the previous regex
Still TODO:
% git grep csrf_token **/*.inc **/*.tt
still shows example that needs to be replaced, later (because we use GET)
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:55 +01:00
4481fb3377
Bug 34478: Replace csrf_token input with include file
...
perl -p -i -n -e 's#<input type="hidden" name="csrf_token" value="\[% csrf_token \| html %]" />#[% INCLUDE '\''csrf-token.inc'\'' %]#g' **/*.tt **/*.inc
This should have actually been done at the same time as
"Bug 30524: (QA follow-up) Only generate CSRF token if it will be used"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:55 +01:00
8e3901342a
Bug 34478: Replace get with post when needed
...
This is what has been marked as done in "csrf_get.txt"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:54 +01:00
0631153f06
Bug 35955: Add tests
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:53 +01:00
108c955eac
Bug 35955: Cache CSRF token in template plugin
...
This change uses the Koha::Cache::Memory::Lite cache to
cache the CSRF token, so that it is only generated once,
and is re-used by the Koha::Template::Plugin::Koha object
throughout the entire template processing for the HTTP request.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:52 +01:00
e2440f2c61
Bug 36098: Default to 'file' if pref does not exist
...
During the installer process there is a bunch of warnings
"Use of uninitialized value $storage_method in string eq at"
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:51 +01:00
c42ede262a
Bug 36098: (follow-up) extend test to check driver
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:33 +01:00
5572567143
Bug 36098: Fix storage_method pass
...
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:32 +01:00
56d8ac2476
Bug 36098: Allow to pass storage_method
...
Will need this on follow-up bugs.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:32 +01:00
09de3f820b
Bug 36098: (QA follow-up) Add POD to Koha::Session
...
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2024-03-01 10:55:31 +01:00