From a81c98e1ea39f4b04bb3eec2fde7c8c6f331e6a3 Mon Sep 17 00:00:00 2001
From: Owen Leonard <oleonard@myacpl.org>
Date: Fri, 12 Apr 2024 12:31:15 +0000
Subject: [PATCH] Bug 36597: Fix deletion of circulation desks broken by CSRF

Our CSRF work introduced a problem with deleting circulation desks: The
"delete_confirm" does not need "cud-" because it's a GET operation
leading to a POSTed deletion after the confirmation is submitted.

To test, apply the patch and restart services.

- Go to Administration -> Circulation desks.
- If necessary, create a circulation desk.
- Click the "Delete" button for you new desk.
- You should be taken to a confirmation page which shows details of the
  desk you're deleting.
- Confirming the deletion should result in deletion of the desk.

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
---
 admin/desks.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/desks.pl b/admin/desks.pl
index 02ec4e5115..c688cf1753 100755
--- a/admin/desks.pl
+++ b/admin/desks.pl
@@ -82,7 +82,7 @@ if ( $op eq 'add_form' ) {
     }
     $searchfield = q||;
     $op          = 'list';
-} elsif ( $op eq 'cud-delete_confirm' ) {
+} elsif ( $op eq 'delete_confirm' ) {
     my $desk = Koha::Desks->find($desk_id);
     $template->param( desk => $desk, );
 } elsif ( $op eq 'cud-delete_confirmed' ) {
-- 
2.39.5