git.koha-community.org Git - koha.git/commit

author	Pedro Amorim <pedro.amorim@ptfs-europe.com>
	Thu, 7 Mar 2024 11:19:39 +0000 (11:19 +0000)
committer	Katrin Fischer <katrin.fischer@bsz-bw.de>
	Thu, 31 Oct 2024 07:05:23 +0000 (08:05 +0100)
commit	408e0eb0753e807f7cd19ff0d4f3779a73d0c475
tree	198180bc1ad4e1e893b85ac85700a6e509ce27bc	tree \| snapshot
parent	fe6927f95908295783056dae6a9f9fb4cad9b860	commit \| diff

Bug 35570: (QA follow-up): Standard backend: Fix OPAC CSRF

Add FreeForm CSRF fix from https://github.com/PTFS-Europe/koha-ill-freeform/commit/6a37ce0daba8aab13130dacd055c9ca5876b7df4 into this work.
This is to keep this work up to date with latest FreeForm's fixes.

The test plan to demonstrate the issue this patch fixes:
Test plan, k-t-d:

1) Install FreeForm, enable ILL module, run:
bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh)
2) You'll have to switch the FreeForm branch to the one compatible with this work, i.e.:
cd /kohadevbox/koha/Koha/Illbackends/FreeForm
git checkout b_36243
3) Restart plack:
koha-plack --restart kohadev
4) Go to OPAC ILL requests, login and visit:
<opac_url>/cgi-bin/koha/opac-illrequests.pl
5) Click "Create new request"
6) Change the 'type'. Notice you get a 403 error. Logs say:
Programming error - op 'add_form' must start with 'cud-' for POST
7) Apply patch. Restart plack. Repeat 6)
8) Notice the change type works as expected. Click "Create".
9) Notice the request is created as expected.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>