Koha/svc
David Cook c6ef2aba6b
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:40 -03:00
..
cataloguing Bug 31682: Silence automatic linker warn 2022-10-11 10:41:23 -03:00
club Bug 25079: Add a 'edit' functionality to the Clubs tool in the staff interface 2023-06-23 11:00:49 -03:00
config Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
letters Bug 32496: Reduce unnecessary unblessings of objects in Circulation.pm 2023-09-22 10:52:39 -03:00
mana Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
members Bug 30063: Remove svc/members/search 2022-04-04 09:47:01 +02:00
records Bug 32631: Error when previewing record during batch record modification 2023-01-27 16:16:43 -03:00
virtualshelves Bug 25498: Add transfer button on intranet 2022-07-19 11:25:23 -03:00
article_request Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
authentication Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
authorised_values Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
barcode Bug 34732: (QA follow-up): tidy up code 2023-09-19 16:34:23 -03:00
bib Bug 29697: Replace some missing occurrences 2022-07-25 09:30:30 -03:00
bib_framework Bug 28750: fix svc/bib_framework 2021-07-26 16:28:52 +02:00
bib_profile Bug 25898: Prohibit indirect object notation 2020-10-15 12:56:30 +02:00
checkin Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
checkout_notes Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
checkouts Bug 33804: Use as_due_date to display due dates 2023-07-14 08:59:39 -03:00
convert_report Bug 34533: jsdiff library missing from guided reports page 2023-08-29 14:37:13 -03:00
cover_images Bug 29771: Remove trivial cases 2022-03-08 23:03:34 -10:00
creator_batches Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
holds Bug 24860: Add hold's item group to holds table on circulation.pl and moremember.pl 2022-11-04 19:39:57 -03:00
import_bib Bug 15869: Change framework on overlay 2023-02-07 10:32:22 -03:00
localization
new_bib Bug 29697: Replace some missing occurrences 2022-07-25 09:30:30 -03:00
problem_reports Bug 28785: Adjust check_cookie_auth calls 2021-10-18 11:28:41 +02:00
recall Bug 30924: Add missing branchtransfers.reason value for recall cancellation 2022-06-13 10:30:51 -03:00
renew Bug 33444: Update AddRenewal to take a hashref of params 2023-07-19 12:06:52 -03:00
report Bug 26669: (QA follow-up) Update last run when report run by name 2022-04-04 16:23:46 +02:00
return_claims Bug 29931: (follow-up) Fix svc/checkouts and return_claims too 2022-03-15 22:30:50 -10:00
split_callnumbers Bug 26251: Remove unused routines from svc/split_callnumbers 2020-08-20 10:23:56 +02:00