Bug 37961: Inventory problem resolution fails by POSTing without an op or csrf_token
After you upload a file or textarea of barcodes to inventory, the next step is
a list of the things that were missing, with checkboxes to check when you find
them, and buttons to Mark seen, which send a POST to
/cgi-bin/koha/tools/ajax-inventory.pl without an op param (since it doesn't
have an $op) and without a csrf_token, so the POST fails with a 403.
Test plan:
1. Without the patch, Cataloging - Inventory - in Item location filters
set Library to Centerville, Shelving location to Audio visual, Collection
code to Reference, and in Optional filters for inventory list or comparing
barcodes set Last inventory date to today.
2. Click Submit, and you'll have a table of 23 items. Check the checkbox for
the first item, click Mark seen and continue.
3. What was supposed to happen was that you would be taken to the next
page, but instead you are still in the same page, and if you had the
browser console open, you would have seen that you sent a POST to
ajax-inventory.pl, and got a 403 error in response.
4. Apply patch, restart_all
5. Repeat steps 1 and 2, this time getting to the second page. Check the
checkboxes for the last two items, and click Mark seen and quit.
6. Repeat step 1 and click Submit. You should now have only 20 items, since
the three you checked now have a Last inventory date of today.
Yeah, when you did Mark seen and continue they ought to have been removed from
the list, I agree. I had to go back to 23.11.x and make sure that was really
how it was supposed to function, but that is the existing behavior. Even
though they get marked as seen, nothing changes about your list until you quit
and go back to it. Maybe because then something that wasn't on the current
page would have moved there. Another bug.
Sponsored-by: Chetco Community Public Library
Signed-off-by: Sonia Bouis <sonia.bouis@univ-lyon3.fr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>