Koha-community/Koha - Koha: The world's first free and open source library system

Koha-community/Koha

Fork 0

Commit graph

Author	SHA1	Message	Date
Kyle M Hall	98a4b52be1	Bug 30524: (QA follow-up) Only generate CSRF token if it will be used This patch avoids generating CSRF tokens unless the csrf-token.inc file is included in the template. Passed token doesn't need HTML escaped. The docs for WWW::CSRF state: The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option). Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>	2023-08-07 21:00:06 -03:00
Martin Renvoize	0221fec5ac	Bug 30524: Core CSRF checking code Split out from bug 22990 as requested. Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>	2023-08-07 20:59:58 -03:00

Author

SHA1

Message

Date

Kyle M Hall

98a4b52be1

Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

2023-08-07 21:00:06 -03:00

Martin Renvoize

0221fec5ac

Bug 30524: Core CSRF checking code

Split out from bug 22990 as requested.

Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

2023-08-07 20:59:58 -03:00

2 commits