Main Koha release repository https://koha-community.org
David Cook c6ef2aba6b
Bug 34369: Require CSRF token for updating system preferences
This patch adds the requirement that updating a system preference
requires a CSRF token. (Also, adding and deleting local system preferences.)

0. Apply patch
1. koha-plack --reload kohadev
2. Add local system preference
3. Update local system preference
4. Delete local system preference
5. Update normal system preference
6. Note no errors

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2023-09-25 18:18:40 -03:00
acqui Bug 28449: Add column with invoice number to basket summary page 2023-09-25 10:53:50 -03:00
admin Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
api Bug 34054: Allow to embed biblio on GET /items 2023-09-22 11:35:43 -03:00
authorities Bug 33406: (QA follow-up) Adjust tests and tidy 2023-09-15 15:50:43 -03:00
basket Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
bin
C4 Bug 34513: Set auth state correctly when changing auth sessions 2023-09-25 18:18:35 -03:00
catalogue Bug 34441: Fixed Typo "Paramater" 2023-09-01 11:23:21 -03:00
cataloguing Bug 34288: Allow access to the cataloguing module with tools permission 2023-07-18 12:46:53 -03:00
circ Bug 32496: Reduce unnecessary unblessings of objects in Circulation.pm 2023-09-22 10:52:39 -03:00
clubs Bug 25079: Show club enrollment question answers in staff client 2023-06-23 11:00:54 -03:00
course_reserves Bug 20256: Use new methods 2023-02-02 11:59:26 -03:00
debian Bug 34653: Make koha-foreach return the correct status code 2023-09-25 10:56:40 -03:00
docs Bug 33899: Add the 23.11 release team 2023-06-09 08:28:57 -03:00
erm Bug 32922: Remove space in shebang 2023-02-20 09:44:06 -03:00
errors
etc Bug 30843: Add mfa_range configuration option for TOTP 2023-09-25 10:53:51 -03:00
ill Bug 33716: (QA follow-up) Fix submission when cardnumber is invalid 2023-09-19 16:34:37 -03:00
installer Bug 34748: DBRev 23.06.00.026 2023-09-25 10:53:46 -03:00
Koha Bug 30843: Add mfa_range configuration option for TOTP 2023-09-25 10:53:51 -03:00
koha-tmpl Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
labels
lib/CGI/Session/Serialize
members Bug 33948: Replace GetAllIssues with Koha::Checkouts - staff 2023-09-22 12:35:49 -03:00
misc Bug 34728: (QA follow-up) Remove o modifier, bit more compact 2023-09-18 15:31:50 -03:00
offline_circ Bug 32496: Reduce unnecessary unblessings of objects in Circulation.pm 2023-09-22 10:52:39 -03:00
opac Bug 30825: Move holds_control_library to Koha::Policy::Holds 2023-09-22 12:35:46 -03:00
patron_lists
patroncards
plugins Bug 30367: (follow-up) Same adjustment for gitlab 2023-05-05 10:18:57 -03:00
pos Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
recalls Bug 34013: Recalls awaiting pickup doesn't show count on each tab 2023-06-23 10:01:04 -03:00
reports Bug 34552: Don't exclude payments with no status 2023-09-18 12:06:25 -03:00
reserve Bug 32496: Reduce unnecessary unblessings of objects in Circulation.pm 2023-09-22 10:52:39 -03:00
reviews
rotating_collections
serials Bug 34199: Add full title information to subscription detail page 2023-09-22 11:35:46 -03:00
services
skel
suggestion Bug 34601: Fix edit/delete links on suggestion.tt 2023-08-29 14:37:10 -03:00
svc Bug 34369: Require CSRF token for updating system preferences 2023-09-25 18:18:40 -03:00
t Bug 34513: (QA follow-up) Tidy 2023-09-25 18:18:37 -03:00
tags
tools Bug 34349: Validate/escape inputs for task scheduler 2023-09-25 18:18:38 -03:00
virtualshelves Bug 34731: Don't call SendQueuedMessages if message_id is bad 2023-09-12 09:44:59 -03:00
xt Bug 30002: Remove unused xt/perltidyrc 2023-06-08 08:32:40 -03:00
.editorconfig
.eslintrc.json
.gitignore Bug 33710: Ignore how-to related files 2023-05-12 17:50:01 -03:00
.htaccess
.mailmap Update .mailmap 2023-06-12 11:52:05 -03:00
.perlcriticrc
.perltidyrc Bug 30002: Adjust perltidy 2023-06-08 08:32:42 -03:00
.proverc.dist
.stylelintrc.json
about.pl Bug 27634: Add a warning to the about page if PatronSelfRegistrationDefaultCategory not set 2023-09-19 16:34:19 -03:00
app.psgi
build-resources.PL Bug 32609: Use the current yarn.lock to generate node_modules 2023-02-10 11:07:57 -03:00
changelanguage.pl
cpanfile Bug 34414: Remove DBD::Mock 2023-09-15 11:57:08 -03:00
cypress.config.ts Bug 34319: Upgrade cypress 9.7.0 to 12.17.2 2023-09-05 11:52:25 -03:00
fix-perl-path.PL
gulpfile.js Bug 32978: Replace node-sass with dart-sass 2023-02-22 10:03:39 -03:00
help.pl
INSTALL
Koha.pm Bug 34748: DBRev 23.06.00.026 2023-09-25 10:53:46 -03:00
koha_perl_deps.pl
kohaversion.pl
LICENSE
mainpage.pl Bug 33133: Add fast cataloging to 'Cataloging' page 2023-03-27 12:50:07 +02:00
Makefile.PL Bug 34319: Remove cypress.json from Makefile.PL 2023-09-06 09:57:01 -03:00
MANIFEST.SKIP
package.json Bug 34319: Upgrade cypress 9.7.0 to 12.17.2 2023-09-05 11:52:25 -03:00
README
README.md
README.robots
rewrite-config.PL
tsconfig.json
webpack.config.js Bug 32806: Move main-erm.ts to modules/erm.ts 2023-02-27 11:12:01 -03:00
yarn.lock Bug 34319: Update yarn.lock 2023-09-05 11:52:25 -03:00

Koha is a free software integrated library system (ILS).

Koha is distributed under the GNU GPL version 3 or later.

Note: Koha does not accept pull requests from git hosting sites.

Note: This project has its own bug tracker. To report a bug or submit a patch, visit http://bugs.koha-community.org.

For guidelines on submitting patches for Koha, please visit https://wiki.koha-community.org/wiki/SubmitingAPatch

The developers handbook can be found at https://wiki.koha-community.org/wiki/Developer_handbook

http://koha-community.org/
