From 17dcab057f82b64bdc73395851cd7ee3606c99c6 Mon Sep 17 00:00:00 2001
From: David Cook
Date: Wed, 30 Aug 2023 00:07:23 +0000
Subject: [PATCH] Bug 34650: Remove unnecessary CSRF check on edit_form
The op "edit_form" doesn't change state. It just renders the edit form. Therefore, it doesn't need a CSRF token/check.
Signed-off-by: Lucas Gass
Signed-off-by: Marcel de Rooy
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit caf962fbaa4f52bfea12acfa02671cd6920f7a53)
Signed-off-by: Fridolin Somers
(cherry picked from commit e81e765d7da1b3e34ba4976c2fa6264e658d0044)
Signed-off-by: Matt Blenkinsop
---
 .../prog/en/modules/virtualshelves/tables/shelves_results.tt | 1 -
 virtualshelves/shelves.pl | 1 -
 2 files changed, 2 deletions(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
index e37b39f966..1515fe8c04 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
@@ -39,7 +39,6 @@
 [%~ public = public | html ~%]
 [%~ IF can_manage_shelf ~%]
 [%~ action_block = '
' ~%]
- [%~ action_block = BLOCK ~%][%~ action_block | $raw ~%][%~ INCLUDE 'csrf-token.inc' | trim ~%][%~ END ~%]
 [%~ action_block = action_block _ '' ~%]
 [%~ action_block = action_block _ '' ~%]
 [%~ action_block = action_block _ '' ~%]
diff --git a/virtualshelves/shelves.pl b/virtualshelves/shelves.pl
index cdc9f133fc..cea511232e 100755
--- a/virtualshelves/shelves.pl
+++ b/virtualshelves/shelves.pl
@@ -63,7 +63,6 @@ if ( $op eq 'add_form' ) {
 # Only pass default
 $shelf = { allow_change_from_owner => 1 };
 } elsif ( $op eq 'edit_form' ) {
- output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' });
 $shelfnumber = $query->param('shelfnumber');
 $shelf = Koha::Virtualshelves->find($shelfnumber);
--
2.39.5
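Review bot: With the check removed, nothing in the `edit_form` branch of `virtualshelves/shelves.pl` records that it is exempt from CSRF validation only because it renders a form and changes no state. A short comment above `$shelfnumber = $query->param('shelfnumber');`, for example `# No CSRF check: edit_form only renders the form and must stay read-only`, would keep a later edit from adding a state change here without restoring the check. The branch continues past the end of the hunk, so whether a permission check on the loaded shelf follows `Koha::Virtualshelves->find($shelfnumber)` is not visible from here and is worth confirming. The same reasoning covers the token include dropped from `shelves_results.tt`.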