Main Koha release repository https://koha-community.org
Phil Ringnalda 66eabead5f
Bug 37979: Toggling item circulation alerts table cells needs to send csrf_token
When you click on a cell in the Item circulation alerts table, the page sends
a POST to /cgi-bin/koha/admin/item_circulation_alerts.pl without including a
csrf_token, which gets back a 403 error because that's sketchy behavior. It
needs to include the token.

Test plan:
1. Administration - Item circulation alerts
2. Open the browser devtools to the console
3. Click on any green table cell
4. It should have turned red, but instead your console turned red with a 403
5. Apply patch, reload
6. Click on any green table cell, it will turn red

Sponsored-by: Chetco Community Public Library

https://bugs.koha-community.org/show_bug.cgi?id=37959
Signed-off-by: Jan Kissig <jkissig@th-wildau.de>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-09-27 18:00:31 +02:00
acqui Bug 34805: (QA follow-up) Tidy acqui/acqui-home.pl 2024-09-13 13:54:22 +02:00
admin Bug 34159: Budget planning shouldn't add every authorized value starting with A 2024-09-16 13:47:08 +02:00
api Bug 37592: (QA follow-up) Fetch database fields for api return 2024-09-18 05:01:10 +01:00
authorities Bug 37235: Fix export of single authority record 2024-07-08 17:49:19 +02:00
basket Bug 34478: Add 'op' to sendbasketform 2024-03-01 10:58:53 +01:00
bin
bookings Bug 35574: Bookings tab from biblio details should only require manage_bookings permission 2023-12-18 15:21:04 +01:00
C4 Bug 35100: (follow-up) Tidy 2024-09-19 12:41:58 +01:00
catalogue Bug 37380: Replace uses of GetMarcControlnumber for get_control_number() 2024-09-16 10:41:05 +02:00
cataloguing Bug 37429: Set default value for global variables 2024-08-16 17:33:45 +02:00
circ Bug 35100: Various fixes 2024-09-19 12:41:50 +01:00
clubs Bug 34478: Manual fix - add op clubs/templates-add-modify 2024-03-01 10:57:55 +01:00
course_reserves Bug 28762: Use Koha::Course in course-details controller 2024-07-23 16:04:05 +01:00
debian Bug 34088: Move the 'needs update' test to a separate script 2024-09-17 10:48:39 +02:00
docs Update contributor list with some new contributors 2024-09-13 16:06:22 +02:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors Bug 37741: Do not send cookie back from error pages 2024-08-30 12:45:45 +02:00
etc Bug 37087: Add TCP keepalive support to SIP server 2024-08-20 15:32:47 +02:00
ill Bug 24471: Rename handle_commit_maybe method 2024-08-23 19:13:48 +02:00
installer Bug 23685: DBRev 24.06.00.031 2024-09-27 18:00:30 +02:00
Koha Bug 23685: (follow-up) Add export limit for guided reports 2024-09-27 18:00:29 +02:00
koha-tmpl Bug 37979: Toggling item circulation alerts table cells needs to send csrf_token 2024-09-27 18:00:31 +02:00
labels Bug 37206: Removing an item from a label batch should be a CSRF-protected POST operation 2024-07-02 17:20:38 +02:00
lib Bug 35681: Use ::Bootstrap version of FromANSI 2024-05-02 16:47:39 +02:00
members Bug 37881: Editing patron with guarantor won't crash 2024-09-13 13:54:23 +02:00
misc Bug 37775: Spelling and tidy 2024-09-19 12:39:14 +01:00
offline_circ Bug 34478: Changes for offline_circ 2024-03-01 10:58:34 +01:00
opac Bug 37887: OPAC password recovery needs to use a cud- op while POSTing new password 2024-09-17 10:48:41 +02:00
patron_lists Bug 34478: Changes for patron_lists/add-modify 2024-03-01 10:57:41 +01:00
patroncards Bug 37614: Printing patron cards from patron lists should be a GET 2024-08-16 17:33:45 +02:00
plugins Bug 30897: Add option to disable automated restart 2024-04-11 16:53:42 +02:00
pos Bug 33478: Apply formatting to RECEIPT 2024-04-26 20:15:44 +02:00
preservation Bug 34030: Add a "print slips" action links to print in batch 2023-10-23 11:33:55 -03:00
recalls Bug 33478: Apply formatting to RECALL_REQUESTER_DET 2024-04-26 20:15:45 +02:00
reports Bug 23685: (follow-up) Control ODS exporting 2024-09-27 18:00:29 +02:00
reserve Bug 37587: (QA follow-up) Tidy reserve/placerequest.pl 2024-09-16 10:40:55 +02:00
reviews Bug 2486: Show user comments in staff interface 2024-08-26 17:39:42 +02:00
rotating_collections Bug 34478: Manual fix - add op - rotating_collections/addItems 2024-03-01 10:57:33 +01:00
serials Bug 35044: (QA follow-up): Allow for '0' in serials batch edit 2024-08-23 18:21:27 +02:00
services
skel
suggestion Bug 37337: Pass the save $op when biblio_exists 2024-07-18 17:53:12 +02:00
svc Bug 35931: More preselected items in the renew column on patron checkouts 2024-08-23 19:13:49 +02:00
t Bug 23685: (follow-up) Add export limit for guided reports 2024-09-27 18:00:29 +02:00
tags Bug 34478: Add 'op' to tags/review 2024-03-01 10:58:25 +01:00
tools Bug 36915: Send email notification when a booking is cancelled 2024-08-27 12:14:17 +02:00
virtualshelves Bug 37285: (QA follow-up) Perl Tidy 2024-07-26 13:56:33 +01:00
xt Bug 37490: Add a test to detect when yarn.lock is not updated 2024-09-02 12:13:47 +02:00
.editorconfig Bug 27375: Set YAML file settings in .editorconfig 2021-11-03 15:40:52 +01:00
.eslintrc.json Bug 36400: Centralize {js,ts,vue} formatting config in .prettierrc.js 2024-04-22 08:57:39 +02:00
.gitignore Bug 35402: Update the OPAC and staff interface to Bootstrap 5 2024-08-23 15:58:41 +02:00
.htaccess
.mailmap Bug 36943: (follow-up) 24.05.00 - Update .mailmap 2024-05-24 15:36:40 +02:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-06-08 08:32:42 -03:00
.prettierrc.js Bug 36400: (follow-up) remove option editorconfig from .prettierrc.js 2024-04-22 08:57:40 +02:00
.proverc.dist Bug 19821: Install sample data, ES mappings and Version syspref 2021-10-25 11:27:40 +02:00
.stylelintrc.json Bug 31528: (follow-up) A few additional rules 2022-10-03 08:23:15 -03:00
about.pl Bug 37509: Check Elasticsearch info for both 'about' and 'sysinfo' tabs 2024-08-21 19:13:55 +02:00
app.psgi Bug 36149: Add userenv middleware to app.psgi 2024-05-14 15:04:37 -03:00
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl
cpanfile Bug 35755: Update cpanfile for Business::ISBN 3.009 2024-08-19 16:07:17 +02:00
cypress.config.ts Bug 36012: Extend cypress's requestTimeout value 2024-03-22 15:07:36 +01:00
fix-perl-path.PL
gulpfile.js Bug 35402: (follow-up) Use ~ to resolve to nearest node_modules when building css 2024-08-26 17:39:54 +02:00
help.pl
INSTALL
Koha.pm Bug 23685: DBRev 24.06.00.031 2024-09-27 18:00:30 +02:00
kohaversion.pl
LICENSE
mainpage.pl Bug 30493: (QA follow-up) Fix for the only_my_library case as well 2024-06-21 15:02:54 +02:00
Makefile.PL Bug 37824: remove references to non-existent files in Makefile.PL 2024-09-27 15:58:35 +02:00
MANIFEST.SKIP
package.json Bug 37824: Replace webpack with rspack for fun and profit 2024-09-16 13:47:06 +02:00
README
README.md
README.robots
rewrite-config.PL
rspack.config.js Bug 37824: (QA follow-up) Fix improper handling of jQuery and DataTables libraries by marking them as externals 2024-09-16 18:41:17 +02:00
tsconfig.json Bug 32030: Move cypress to t - fix build_js/watch_js 2022-11-08 09:44:52 -03:00
webpack.config.js Bug 35919: Add record sources admin page 2024-04-26 17:06:04 +02:00
yarn.lock Bug 37824: Replace webpack with rspack for fun and profit 2024-09-16 13:47:06 +02:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
