Koha/tags at b07f4debb73b01aa0a72a2b10506e171e79a8c05 - Koha-community/Koha - Koha: The world's first free and open source library system

History

Galen Charlton 6c1da551ea bug 9401: remove direct reads of CGISESSID cookie by JavaScript Having embedded JavaScript read the session cookie directly is unnecessary and prevents the CGISESSID cookie being marked httpOnly as a security measure. The only Koha JS attempting this was the AJAX tags code. To test: - In general, verify that there are no regression withs adding tags in the OPAC or reviewing them in the staff interface. - In specific, for the OPAC - log into the OPAC - retrieve a bib record - add a tag - refresh the bib details page to verify that the tag was added - make sure the TagsInputOnList syspref is on - perform a search - add a tag to more than one record from the search results page - repeat the preceding using the CCSR theme - And in the staff interface - Go to the review tags tool - Reject a tag - Refresh to verify that the tag was rejected Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>	2013-02-01 11:05:35 -05:00
..
list.pl	Bug 8315 - remove use C4::* version	2012-07-13 14:17:20 +02:00
review.pl	bug 9401: remove direct reads of CGISESSID cookie by JavaScript	2013-02-01 11:05:35 -05:00

Galen Charlton 6c1da551ea bug 9401: remove direct reads of CGISESSID cookie by JavaScript

Having embedded JavaScript read the session cookie directly
is unnecessary and prevents the CGISESSID cookie being marked
httpOnly as a security measure.  The only Koha JS attempting
this was the AJAX tags code.

To test:

- In general, verify that there are no regression withs
  adding tags in the OPAC or reviewing them in the staff interface.
- In specific, for the OPAC
  - log into the OPAC
  - retrieve a bib record
  - add a tag
  - refresh the bib details page to verify that the
    tag was added
  - make sure the TagsInputOnList syspref is on
  - perform a search
  - add a tag to more than one record from the search results page
  - repeat the preceding using the CCSR theme
- And in the staff interface
  - Go to the review tags tool
  - Reject a tag
  - Refresh to verify that the tag was rejected

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>

2013-02-01 11:05:35 -05:00

list.pl

Bug 8315 - remove use C4::* version

2012-07-13 14:17:20 +02:00

review.pl

bug 9401: remove direct reads of CGISESSID cookie by JavaScript

2013-02-01 11:05:35 -05:00