Bug 37785: Remove dead code in tools/letter.tt that looks like a form that would POST without an op
We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.
The two in tools/letter.tt are blocks of never-used code which would display
a message confirming that you saved a notice, or that a notice was deleted
after you confirmed that you wanted to delete it, but neither one has ever
been executed. Now, the names of the ops don't match, because they are
cud-add_validate etc. and would have to explicitly set a param for
add_validate, but even before the CSRF change to cud- ops, they explicitly
unset their $op so that as they say "# we return to the default screen for
the next operation". Prior to that, they just did
"print $input->redirect("letter.pl");"
No test plan is possible, since this code has never once done anything.
Sponsored-by: Chetco Community Public Library Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Paul Derscheid <paul.derscheid@lmscloud.de> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
projects / koha.git / commit