git.koha-community.org Git - koha.git/commit

Bug 18124: Change the calls to generate and check CSRF tokens

The parameter change in Koha::Token should be applied to the calling
scripts.

Test plan:
Confirm that the different forms of the scripts modified by this patch
still work correctly.

Test the problematic behavior:
Open 2 tabs with in same user's session, go on the edit patron page
(memberentry.pl).
Log out and log in from the other tab.
Submit the form
=> Wrong CSRF token should be raised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Wed, 15 Feb 2017 16:14:13 +0000 (17:14 +0100)
committer	Kyle M Hall <kyle@bywatersolutions.com>
	Thu, 30 Mar 2017 09:07:09 +0000 (09:07 +0000)
commit	574d48362d32c14920712ae35bdd28101785315c
tree	222201043d6bfb16dbf847cf727836707a090835	tree \| snapshot
parent	7190593d9dd38001c2d101bcad5cddc222a45ebe	commit \| diff

basket/sendbasket.pl		diff \| blob \| history
members/deletemem.pl		diff \| blob \| history
members/member-flags.pl		diff \| blob \| history
members/member-password.pl		diff \| blob \| history
members/memberentry.pl		diff \| blob \| history
members/moremember.pl		diff \| blob \| history
opac/opac-memberentry.pl		diff \| blob \| history
opac/opac-sendbasket.pl		diff \| blob \| history
tools/import_borrowers.pl		diff \| blob \| history
tools/picture-upload.pl		diff \| blob \| history