From 987938a558b6e87689b1756fe3d2bd6920e58139 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 26 Jan 2024 10:28:06 +0100 Subject: [PATCH] Bug 34478: Rename action with op - admin/item_circulation_alerts Also fix possible XSS. Signed-off-by: Jonathan Druart --- admin/item_circulation_alerts.pl | 16 +++++++++------- .../en/modules/admin/item_circulation_alerts.tt | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/admin/item_circulation_alerts.pl b/admin/item_circulation_alerts.pl index 7a9b32243f..c2ba883635 100755 --- a/admin/item_circulation_alerts.pl +++ b/admin/item_circulation_alerts.pl @@ -102,23 +102,25 @@ sub toggle { print encode_json($response); } -# dispatch to various actions based on CGI parameter 'action' +# dispatch to various actions based on CGI parameter 'op' sub dispatch { my %handler = ( - show => \&show, - toggle => \&toggle, + show => \&show, + 'cud-toggle' => \&toggle, ); my $input = CGI->new; - my $action = $input->param('action') || 'cud-show'; - if (not exists $handler{$action}) { + my $op = $input->param('op') || 'show'; + + if (not exists $handler{$op}) { my $status = 400; print $input->header(-status => $status); print $input->div( $input->h1($status), - $input->p("$action is not supported.") + # FIXME This is not translatable + $input->p("op parameter is not supported (must be 'show' or 'toggle').") ); } else { - $handler{$action}->($input); + $handler{$op}->($input); } } diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/item_circulation_alerts.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/item_circulation_alerts.tt index f5308202bd..af1005fc5a 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/item_circulation_alerts.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/item_circulation_alerts.tt @@ -211,7 +211,7 @@ url : '/cgi-bin/koha/admin/item_circulation_alerts.pl', type : 'POST', dataType : 'json', - data : { action: 'toggle', id: id, branch: $branch }, + data : { action: 'cud-toggle', id: id, branch: $branch }, success : function(response){ if ($branch == '*' && response.classes.match(/default/)) { td.html(disabledForAll); -- 2.39.5