Bug 37768: Fix form that POSTs without an op in itemtype administration
We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.
For itemtype administration, that's the "No, do not delete" cancel button
when you decide not to delete an itemtype, which doesn't need to POST
anything since it's just taking you back to the list of itemtypes. The only
visible change from switching to a GET is that the URL ends with a "?" from
a GET with no params, but someone can fix that by choosing one of our various
link-as-a-cancel-button styles and switching it to a link in a bug that
doesn't block an RM_priority bug.
Test plan:
1. You aren't going to see a visible difference, so start with the patch
applied
2. Administration - Item types
3. You need an itemtype that isn't in use to be able to delete it - ktd
provides you with an unused Computer Files type, so click the Delete
button for that row
4. In the "Are you sure..." page, click No, do not delete
5. Verify that you are back at the list of itemtypes, with only the "?" at
the end of the URL to tell you that you did a GET rather than a POST
Sponsored-by: Chetco Community Public Library Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
projects / koha.git / commit
