]> git.koha-community.org Git - koha.git/commit
Bug 37074: Comment approval and un-approval should be CSRF-protected
authorOwen Leonard <oleonard@myacpl.org>
Wed, 12 Jun 2024 17:49:25 +0000 (17:49 +0000)
committerKatrin Fischer <katrin.fischer@bsz-bw.de>
Thu, 1 Aug 2024 15:26:34 +0000 (17:26 +0200)
commit9a8fac823bcf81a924edeb3b4b51fd60455dcc7a
treeb4c7719c72f1e4e524864e39ec68e5ad702f1002
parent558b900895a42ff33fed06f746f677ac9ea3f51c
Bug 37074: Comment approval and un-approval should be CSRF-protected

This patch converts the "Approve" and "Unapprove" controls in the staff
client's comment moderation page so that the operations are POST instead
of GET.

To test, apply the patch and restart services.

- If necessary, enable OPACComments and submit a few comments on a few
  titles in the OPAC
- Go to Tools -> Comments
- Test the process of approving, unapproving, and deleting comments

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
koha-tmpl/intranet-tmpl/prog/en/modules/reviews/reviewswaiting.tt
reviews/reviewswaiting.pl