]> git.koha-community.org Git - koha.git/commit
Bug 20701: Add csrf protection to maninvoice.pl
authorNick Clemens <nick@bywatersolutions.com>
Thu, 3 May 2018 11:52:24 +0000 (11:52 +0000)
committerNick Clemens <nick@bywatersolutions.com>
Tue, 22 May 2018 11:56:02 +0000 (11:56 +0000)
commit730d1fd57d982735522b3c7c1bc4d421255c2107
treeb0dd837cb5deb81b94b63fade4af8cc149c9aa23
parenta2fb66abd3706f6cd82192b0bb2e593654b2379e
Bug 20701: Add csrf protection to maninvoice.pl

TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Works OK.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
koha-tmpl/intranet-tmpl/prog/en/modules/members/maninvoice.tt
members/maninvoice.pl