]> git.koha-community.org Git - koha.git/commit
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)
committerAleisha Amohia <aleishaamohia@hotmail.com>
Wed, 28 Feb 2024 21:18:02 +0000 (21:18 +0000)
commitb105890152fcc22deee061bc591d1d086f1e1dcc
tree8fe9cc840fdc61e4b580e5d438b240cb02971a01
parented41eca3938d20d2197ad40c651f029da353d765
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 73ca151686b682aaa2b950ccbc89fcec14514112)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
(cherry picked from commit b1bd7ec29a0febddc210dbdc3bef0a78e37c7719)
C4/Auth.pm
Koha/Template/Plugin/Koha.pm
koha-tmpl/intranet-tmpl/prog/en/includes/csrf-token.inc