]> git.koha-community.org Git - koha.git/commit
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)
committerWainui Witika-Park <wainuiwitikapark@catalyst.net.nz>
Wed, 27 Mar 2024 05:30:13 +0000 (05:30 +0000)
commite038ec2709080faaa76c29334bfcffbd00f74a9c
tree1bc323598ed731430a2a4c938ea216722cecec5b
parentc922f7304b2aef06c17c2e7668f29eaa5ee4e344
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 73ca151686b682aaa2b950ccbc89fcec14514112)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit b1bd7ec29a0febddc210dbdc3bef0a78e37c7719)
C4/Auth.pm
Koha/Template/Plugin/Koha.pm
koha-tmpl/intranet-tmpl/prog/en/includes/csrf-token.inc