Bug 38030: stocknumberAV.pl fails with CSRF protection
The value builder stocknumberAV.pl does not work after applying the CSRF
protection. In console, it generates entries like:
POST
http://localhost:8081/cgi-bin/koha/cataloguing/plugin_launcher.pl
[HTTP/1.1 403 Forbidden 188ms]
Test plan:
==========
1. Modify the MARC bibliographic framework for the default framework by
choosing stocknumberAV.pl as plugin for subfield 952 $i.
2. In Authorized values, add a new category 'INVENTORY'. Add a new
entry there, e.g. 'ABC', with any number in Description (eg. 123).
3. Find any bibliographic record, make sure it uses the default framework.
If not set the framework accordingly.
4. Edit an item linked to this record. Go to the 'i - Inventory number'
subfield. You should see three dots on the right. In the input field
put ABC and click the three dots.
5. Nothing happens. You can check in the browser console--there should
be a message like:
POST http://FQDN:8081/cgi-bin/koha/cataloguing/plugin_launcher.pl
[HTTP/1.1 403 Forbidden 188ms]
6. Apply the patch; restart_all. Refresh the browser window.
7. Repeat p. 4. You should now get the next sequence number next to
the 'ABC' (i.e. ABC
0000000124 or similar).
Sponsored-by: Ignatianum University in Cracow
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
projects / koha.git / commit