Bug 20701: Add csrf protection to maninvoice.pl
TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs
Works OK.
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
projects / koha.git / commit