Koha/admin
David Cook c6ef2aba6b
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirements that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:40 -03:00
..
searchengine/elasticsearch Bug 34740: Update sort options in ES config to by Yes/No 2023-09-18 15:31:52 -03:00
additional-fields.pl Bug 11844: Use additional fields for order lines 2023-05-16 12:58:38 +02:00
admin-home.pl
adveditorshortcuts.pl
aqbudgetperiods.pl
aqbudgets.pl
aqcontract.pl
aqplan.pl
audio_alerts.pl
auth_subfields_structure.pl
auth_tag_structure.pl
authorised_values.pl
authtypes.pl
background_jobs.pl
biblio_framework.pl
branch_transfer_limits.pl
branches.pl
cash_registers.pl
categories.pl
check_budget_parent.pl
check_parent_total.pl
checkmarc.pl
cities.pl
classsources.pl
clone-rules.pl
columns_settings.pl
columns_settings.yml Bug 28449: Add column with invoice number to basket summary page 2023-09-25 10:53:50 -03:00
credit_types.pl
curbside_pickup.pl
currency.pl
debit_types.pl Bug 32450: Noissuescharge debit type exclusions 2023-05-17 10:25:06 -03:00
desks.pl
didyoumean.pl
edi_accounts.pl Bug 34261: Add missing argument to show_account 2023-07-14 15:23:16 -03:00
edi_ean_accounts.pl
identity_providers.pl
import_export_authtype.pl
import_export_framework.pl
item_circulation_alerts.pl
items_search_field.pl
items_search_fields.pl
itemtypes.pl
koha2marclinks.pl
library_groups.pl
localization.pl
marc-overlay-rules.pl Bug 33335: (QA follow-up) Polishing and comments 2023-05-12 17:50:09 -03:00
marc_subfields_structure.pl
marctagstructure.pl
matching-rules.pl
oai_set_mappings.pl
oai_sets.pl
overdrive.pl
patron-attr-types.pl
preferences.pl Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
restrictions.pl Bug 33578: Fix controller when editing a restriction type 2023-06-23 10:01:06 -03:00
search_filters.pl
share_content.pl
smart-rules.pl Bug 32271: (QA follow-up) Convert all positive numbers to monetary float and convert all 0 equivilents to blank value 2023-07-19 13:00:37 -03:00
sms_providers.pl
smtp_servers.pl Bug 34616: Fix showing default server info on edit SMTP server page 2023-09-01 11:07:30 -03:00
sru_modmapping.pl
systempreferences.pl Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
transfer_limits.pl
transport-cost-matrix.pl
usage_statistics.pl
z3950servers.pl