Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/tools
History
Jonathan Druart b990b953b3 Bug 21993: Display a user-friendly message when the CSRF token is wrong 
Instead of dying!

Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42

- authorities-home.pl
 * Delete an authority record
 * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete

- basket/sendbasket.pl
 * Send a basket to someone
 * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1

- members/apikeys.pl
  * Generate and delete an API key for a patron
  * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete

- members/deletemem.pl
  * Delete a patron
  * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed

- members/mancredit.pl
  * Add a manual credit
  * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1

- members/maninvoice.pl
  * Add a manual invoice
  * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1

- members/member-flags.pl
  * Change permissions for a patron
  * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1

- members/member-password.pl
  * Change the password for a patron (from the staff interface)
  * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1

- members/memberentry.pl
  * Edit some patron's info
  * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save

- members/paycollect.pl
  * Pay an individual fine
  * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
  You may need to edit some values

- tools/import_borrowers.pl
  * Import some patrons
  * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1

- tools/picture-upload.pl
  * Upload an image for a patron
  * You will need to edit the html content
  hit Home › Tools › Upload patron images
  then locate the csrf_token input and modify its value

Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:38:32 +00:00
..
csv-profiles MT2116: Addons to the CSV export 2010-02-17 07:51:33 -05:00
quotes
access_files.pl Bug 21695: Clean up access files template 2018-12-26 20:47:04 +00:00
ajax-inventory.pl Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00
automatic_item_modification_by_age.pl Bug 16889: Remove C4::Items::biblioitems_columns and use Koha::Biblioitems->columns instead 2016-07-15 18:12:13 +00:00
background-job-progress.pl
batch_delete_records.pl
batch_record_modification.pl Bug 21142: Open uploaded files in utf-8 - batch mod/del 2018-08-21 11:45:19 +00:00
batch_records_ajax.pl Bug 21579: Make showdiffmarc.pl work for authorities and biblios 2018-10-17 12:29:41 +00:00
batchMod.pl Bug 22022: Correct ordering for authorised values 2018-12-19 16:33:52 +00:00
cleanborrowers.pl Bug 16966: move parameters to hashref 2017-03-03 17:20:05 +00:00
copy-holidays.pl
csv-profiles.pl Bug 8612: [Follow-up] Make usage and type different columns in table 2017-06-05 12:02:08 -03:00
exceptionHolidays.pl Bug 20017: use Modern::Perl in Tools perl scripts 2018-02-05 09:46:45 -03:00
export.pl Bug 18201: Export data -Fix "Remove non-local items" option and add "Removes non-local records" option for existing functionality 2017-12-21 13:10:03 -03:00
holidays.pl Bug 20017: use Modern::Perl in Tools perl scripts 2018-02-05 09:46:45 -03:00
import_borrowers.pl Bug 21993: Display a user-friendly message when the CSRF token is wrong 2019-01-25 20:38:32 +00:00
inventory.pl Bug 21413: Inventory - Skip items with waiting holds 2018-11-08 13:32:41 +00:00
koha-news.pl
letter.pl Bug 22002: (bug 21621 follow-up) Re-add GROUP BY in letter.pl and fix it 2019-01-18 20:25:34 +00:00
manage-marc-import.pl Bug 20180: [sql_modes] Remove GROUP BY clause in manage-marc-import.pl 2018-04-09 16:15:17 -03:00
marc_modification_templates.pl Bug 13560: Add an 'Add' option for marc modification templates 2018-07-19 17:22:18 +00:00
modborrowers.pl Bug 21854: Use template plugin to display category description 2018-11-21 11:24:16 +00:00
newHolidays.pl Bug 20017: use Modern::Perl in Tools perl scripts 2018-02-05 09:46:45 -03:00
overduerules.pl
picture-upload.pl Bug 21993: Display a user-friendly message when the CSRF token is wrong 2019-01-25 20:38:32 +00:00
quotes-upload.pl Bug 20017: use Modern::Perl in Tools perl scripts 2018-02-05 09:46:45 -03:00
quotes.pl
scheduler.pl
showdiffmarc.pl Bug 21579: Make showdiffmarc.pl work for authorities and biblios 2018-10-17 12:29:41 +00:00
stage-marc-import.pl Bug 21333: Add ability to add to basket from a new file 2018-09-26 19:05:53 +00:00
stockrotation.pl
tools-home.pl Bug 18403: Patron reviews 2018-02-12 15:41:41 -03:00
upload-cover-image.pl
upload-file.pl
upload.pl Bug 19633: Use alphanumeric error codes in upload 2018-08-10 10:10:46 +00:00
viewlog.pl Bug 21242: If not searching for patron, move to log viewer 2018-10-29 01:02:21 +00:00