git.koha-community.org Git - koha.git/commit

author	Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
	Thu, 11 Aug 2016 12:17:14 +0000 (14:17 +0200)
committer	Kyle M Hall <kyle@bywatersolutions.com>
	Fri, 9 Sep 2016 13:37:47 +0000 (13:37 +0000)
commit	dc4617ba3b57913123689b7bb9cf1342fcc7c84c
tree	98f3a6374962e7ce40d92b1cac5e45560bfd9e39	tree \| snapshot
parent	36b9fa32b16d5928dd9a35b04ff2144b4f77f314	commit \| diff

Bug 17109: Add CSRF token to [opac-]sendbasket

If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

basket/sendbasket.pl		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt		diff \| blob \| history
opac/opac-sendbasket.pl		diff \| blob \| history