git.koha-community.org Git - koha.git/commit

author	Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
	Thu, 11 Aug 2016 12:17:14 +0000 (14:17 +0200)
committer	Mason James <mtj@kohaaloha.com>
	Wed, 3 May 2017 02:24:14 +0000 (14:24 +1200)
commit	5a627a355e63d932f3d16114529e4f548915d3eb
tree	0bd1fe4c391740a43e53be05a37d3f0e07511783	tree \| snapshot
parent	c55b093e79d404ff674dcccdb032a2d74cc398b9	commit \| diff

Bug 17109: Add CSRF token to [opac-]sendbasket

If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>

basket/sendbasket.pl		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt		diff \| blob \| history
opac/opac-sendbasket.pl		diff \| blob \| history