git.koha-community.org Git - koha.git/commit

Bug 18124: Change the calls to generate and check CSRF tokens

The parameter change in Koha::Token should be applied to the calling
scripts.

Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.

Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 574d48362d32c14920712ae35bdd28101785315c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Wed, 15 Feb 2017 16:14:13 +0000 (17:14 +0100)
committer	Katrin Fischer <katrin.fischer.83@web.de>
	Sun, 2 Apr 2017 16:03:53 +0000 (18:03 +0200)
commit	c69868de49c21d567e0f5824b8ea8526a0e81d74
tree	c5de5901f4540655db3d0c37ed0343088d8d06f9	tree \| snapshot
parent	bead88a8bce3dab2bbf6809a47a008167be016b0	commit \| diff

basket/sendbasket.pl		diff \| blob \| history
members/deletemem.pl		diff \| blob \| history
members/member-flags.pl		diff \| blob \| history
members/member-password.pl		diff \| blob \| history
members/memberentry.pl		diff \| blob \| history
members/moremember.pl		diff \| blob \| history
opac/opac-memberentry.pl		diff \| blob \| history
opac/opac-sendbasket.pl		diff \| blob \| history
tools/import_borrowers.pl		diff \| blob \| history
tools/picture-upload.pl		diff \| blob \| history