Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/authorities
History
Jonathan Druart b990b953b3 Bug 21993: Display a user-friendly message when the CSRF token is wrong 
Instead of dying!

Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42

- authorities-home.pl
 * Delete an authority record
 * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete

- basket/sendbasket.pl
 * Send a basket to someone
 * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1

- members/apikeys.pl
  * Generate and delete an API key for a patron
  * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete

- members/deletemem.pl
  * Delete a patron
  * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed

- members/mancredit.pl
  * Add a manual credit
  * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1

- members/maninvoice.pl
  * Add a manual invoice
  * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1

- members/member-flags.pl
  * Change permissions for a patron
  * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1

- members/member-password.pl
  * Change the password for a patron (from the staff interface)
  * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1

- members/memberentry.pl
  * Edit some patron's info
  * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save

- members/paycollect.pl
  * Pay an individual fine
  * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
  You may need to edit some values

- tools/import_borrowers.pl
  * Import some patrons
  * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1

- tools/picture-upload.pl
  * Upload an image for a patron
  * You will need to edit the html content
  hit Home › Tools › Upload patron images
  then locate the csrf_token input and modify its value

Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
2019-01-25 20:38:32 +00:00
..
auth_finder.pl Bug 21455: Authority search options get shuffled around when you click on 'Search' 2018-10-09 11:54:08 +00:00
authorities-home.pl Bug 21993: Display a user-friendly message when the CSRF token is wrong 2019-01-25 20:38:32 +00:00
authorities.pl Bug 21986: Do not escape quotation marks when cataloguing 2018-12-14 13:33:28 +00:00
blinddetail-biblio-search.pl Bug 21448: Fix copy repeated subfields when linking an authority with 6xx 2018-10-01 23:54:59 +00:00
detail-biblio-search.pl Bug 15381: Remove GetAuthType and GetAuthTypeCode 2015-12-31 18:59:02 +00:00
detail.pl Bug 21456: The 'New authority' button lists authority types inconsistently 2018-10-17 13:52:23 +00:00
export.pl Bug 11944: use CGI( -utf8 ) everywhere 2015-01-13 13:07:21 -03:00
merge.pl Bug 21456: (QA follow-up) Catch missed case in authorities merge 2018-10-17 13:52:23 +00:00
merge_ajax.pl Bug 14589: Adjust authorities_merge_ajax and replace some indirect syntax 2015-11-02 12:49:13 -03:00
ysearch.pl Bug 20273: Use compat routines for autocomplete in auth_finder.pl 2018-07-19 17:25:16 +00:00