]> git.koha-community.org Git - koha.git/commit
Bug 17109: Add CSRF token to [opac-]sendbasket
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 11 Aug 2016 12:17:14 +0000 (14:17 +0200)
committerKyle M Hall <kyle@bywatersolutions.com>
Fri, 9 Sep 2016 13:37:47 +0000 (13:37 +0000)
commitdc4617ba3b57913123689b7bb9cf1342fcc7c84c
tree98f3a6374962e7ce40d92b1cac5e45560bfd9e39
parent36b9fa32b16d5928dd9a35b04ff2144b4f77f314
Bug 17109: Add CSRF token to [opac-]sendbasket

If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
basket/sendbasket.pl
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
opac/opac-sendbasket.pl