projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f702922) | patch
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)
committerMatt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Fri, 28 Jul 2023 11:15:08 +0000 (11:15 +0000)
commitb1bd7ec29a0febddc210dbdc3bef0a78e37c7719
tree1f5eaa5c1e82a4729c925f25c7f629e2b2caebf9tree | snapshot
parentf702922acb29d69f8ed9831709cc7330773f6dd1commit | diff
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 73ca151686b682aaa2b950ccbc89fcec14514112)
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
C4/Auth.pm diff | blob | history
Koha/Template/Plugin/Koha.pm diff | blob | history
koha-tmpl/intranet-tmpl/prog/en/includes/csrf-token.inc diff | blob | history
Main Koha release repository