From 397e06ccd743151d8ce4bac9fae7dda114d7254a Mon Sep 17 00:00:00 2001 From: Phil Ringnalda Date: Thu, 29 Aug 2024 21:17:09 -0700 Subject: [PATCH] Bug 37785: Remove dead code in tools/letter.tt that looks like a form that would POST without an op We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. The two in tools/letter.tt are blocks of never-used code which would display a message confirming that you saved a notice, or that a notice was deleted after you confirmed that you wanted to delete it, but neither one has ever been executed. Now, the names of the ops don't match, because they are cud-add_validate etc. and would have to explicitly set a param for add_validate, but even before the CSRF change to cud- ops, they explicitly unset their $op so that as they say "# we return to the default screen for the next operation". Prior to that, they just did "print $input->redirect("letter.pl");" No test plan is possible, since this code has never once done anything. Sponsored-by: Chetco Community Public Library Signed-off-by: Jonathan Druart Signed-off-by: Paul Derscheid Signed-off-by: Katrin Fischer --- .../prog/en/modules/tools/letter.tt | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt index c8fea2b378..abc1402005 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt @@ -549,14 +549,6 @@ [% END # /IF add_form %] - [% IF ( add_validate or copy_validate) %] - Data recorded -
- [% INCLUDE 'csrf-token.inc' %] - -
- [% END %] - [% IF ( delete_confirm ) %]

Delete notice?

@@ -591,14 +583,6 @@
[% END # /IF delete_confirm %] - [% IF ( delete_confirmed ) %] - Data deleted -
- [% INCLUDE 'csrf-token.inc' %] - -
- [% END %] - [% IF add_form or copy_form %] -- 2.39.5