From b603bd91b363bcd323e4a79c837ac24361614b85 Mon Sep 17 00:00:00 2001 From: Phil Ringnalda Date: Thu, 11 Jul 2024 05:13:39 -0700 Subject: [PATCH] Bug 37093: Searching for reports on Mana should use GET Searching for reports on Mana currently fails by sending a POST to svc/mana/search without a CSRF token. There's no reason to POST, it's just sending a search string. 1. Enable Mana: Reports - lower right is a blue Knowledgebase box with a link to Change your Mana KB settings 2. Switch Use Mana KB to Yes, click Save, below that give it a name and email, Send to Mana KB 3. Reports - Use saved - New report - New SQL from Mana 4. Enter any keyword to search, get a 403 forbidden error 5. Apply patch, restart_all, Shift+Reload the page to clear cache 6. Enter any keyword likely to return results, like select, get results Signed-off-by: David Nind Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Katrin Fischer (cherry picked from commit f4d248f076ef7368535beead9689acf4ad98d5f3) Signed-off-by: Lucas Gass --- .../prog/en/modules/reports/guided_reports_start.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt index 5c7ceea3cd..881ca02334 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt @@ -2395,7 +2395,7 @@ function mana_search( textquery ){ $(".mana_search_status").hide(); - $("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", { resource: 'report', id: textquery, usecomments: 1 }, function( response, status, xhr ) { + $("#mana_result_content").load("/cgi-bin/koha/svc/mana/search #mana_results", "resource=report&usecomments=1&id=" + textquery, function( response, status, xhr ) { if ( status == "error" ) { $("#mana_search_errortext").html( xhr.status + " " + xhr.statusText ); -- 2.39.5