git.koha-community.org Git - koha.git/commit
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
author Kyle M Hall <kyle@bywatersolutions.com>
Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)
committer Tomas Cohen Arazi <tomascohen@theke.io>
Tue, 8 Aug 2023 00:00:06 +0000 (21:00 -0300)
commit 98a4b52be1e3f51394e6aea1dc6cd8ab55c1801d
tree b4f34e3aabb7649e43e63edcce145c70ef6a6f8b
parent 3241671cdd11a3ee88a11284ab2a77f8d83eb0ca
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
C4/Auth.pm
Koha/Template/Plugin/Koha.pm
koha-tmpl/intranet-tmpl/prog/en/includes/csrf-token.inc