Use of uninitialized value $op in string eq at /kohadevbox/koha/members/memberentry.pl line 86.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] Manual fix - Make Koha::Token use session id not userenv id
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The numbering patterns script has been update to look for "cud-modify"
to load the edit form, but that's a GET operation and can stay "modify."
The delete buttons have been updated to be a POSTed form.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Delete" button on the comments moderation page
to convert the GET link to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch updates the "Remove" button from items which are in a
rotating collection (in the "Manage items" stage). A GET link is
converted to a posted form.
Unrelated: The JavaScript has also been modified so that it asks for
confirmation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch modifies the patron file template to convert the "Delete"
link to a form which includes the CSRF token. The script has already
been modified to check for the "op" value updated in the template.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delivery delete buttons to a form and changes
the corresponding op check in the script.
The patch also fixes an error in the form markup and corrects the op
parameter name in several links.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The op value is set in the JavaScript, where it hasn't been updated to
match the "cud-delete" value checked in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch makes two changes: The first changes the name of the op value
matched in the script when editing a set. The "mod" step is a GET
operation to load the edit form.
The second change is a workaround for the fact that a submit
button looks bad in a Bootstrap dropdown. The patch creates a hidden
form for deletion operations. Clicking a "delete" link in a dropdown
fills the hidden form with the OAI set id to be deleted and submits it.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
"delete_confirm" is a GET operation leading to a confirmation page,
where "cud-delete_confirmed" should submit a POST to delete.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete link on the item search field page to a
form with a POST operation.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The AJAX call in the template still used "action" instead of
"op".
The patch also fixes references to "action" in the POD and corrects
"toggle" to "cud-toggle".
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I also move the writeoff handling out of it's own block in into the rest
of the x_individual handling.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The "action" hidden field was renamed to "op", but "action" was still
being looked for in the script.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Too much changes needed. Main functionality works again.
Some improvements can still be made.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This patch converts the delete links on the classification
configuration page for sources, filing rules, and splitting rules to
POST forms.
A couple of op checks in the script are corrected to match.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
On the cities administration page, the delete button is a GET operation
to a second form for confirmation.
This script should be checking for op=delete_confirm, not
cud-delete_confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From the list of a tag's subfields (e.g.
/cgi-bin/koha/admin/auth_subfields_structure.pl?tagfield=245&frameworkcode=)
the delete button is a GET operation to a second form for confirmation.
This script should be checking for op=delete_confirm, not cud-delete-confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
From the list of a tag's subfields (e.g.
/cgi-bin/koha/admin/marc_subfields_structure.pl?tagfield=245&frameworkcode=)
the delete button is a GET operation to a second form for confirmation.
This script should be checking for op=delete_confirm, not
cud-delete-confirm.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The pay to paycollect post/redirect flow here doesn't actually
consistute a state change, however it's much simpler to add the csrf
token check flow here than to refactor the code to a get (url's quickly
grow too large for a GET) or rework it in other ways. I opted to do
this for now and work on a refactor at a future date.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
The Export CSV operation is GET and uses op=export, so the script should
not check for "cud-op."
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Installer was stuck after "Set up database" with a blank page
It also fixes 00-onboarding.t
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] Manual fix - change links to JS form submission - cleanup comments and unused routine - request.pl/.tt
Bug 34478: [TO SQUASH] Manual fix - link to js post and add op to form - request.tt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
This form calls a payment plugin to prep a new form that submits to a
the payment site external to Koha.
This form does not change state but a change to GET would cause failures
if trying to pay more than 133 fees on Chrome ( but not Firefox ).
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Bug 34478: [TO SQUASH] tools/modborrowers
We actually want to POST here to not reach the limit of a GET request.
It also fixes the following warning in the console:
Form contains enctype=multipart/form-data, but does not contain method=post. Submitting normally with method=GET and no enctype instead.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
