From 408e0eb0753e807f7cd19ff0d4f3779a73d0c475 Mon Sep 17 00:00:00 2001 From: Pedro Amorim Date: Thu, 7 Mar 2024 11:19:39 +0000 Subject: [PATCH] Bug 35570: (QA follow-up): Standard backend: Fix OPAC CSRF Add FreeForm CSRF fix from https://github.com/PTFS-Europe/koha-ill-freeform/commit/6a37ce0daba8aab13130dacd055c9ca5876b7df4 into this work. This is to keep this work up to date with latest FreeForm's fixes. The test plan to demonstrate the issue this patch fixes: Test plan, k-t-d: 1) Install FreeForm, enable ILL module, run: bash <(curl -s https://raw.githubusercontent.com/ammopt/koha-ill-dev/master/start-ill-dev.sh) 2) You'll have to switch the FreeForm branch to the one compatible with this work, i.e.: cd /kohadevbox/koha/Koha/Illbackends/FreeForm git checkout b_36243 3) Restart plack: koha-plack --restart kohadev 4) Go to OPAC ILL requests, login and visit: /cgi-bin/koha/opac-illrequests.pl 5) Click "Create new request" 6) Change the 'type'. Notice you get a 403 error. Logs say: Programming error - op 'add_form' must start with 'cud-' for POST 7) Apply patch. Restart plack. Repeat 6) 8) Notice the change type works as expected. Click "Create". 9) Notice the request is created as expected. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Katrin Fischer --- Koha/ILL/Backend/opac-includes/create.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Koha/ILL/Backend/opac-includes/create.inc b/Koha/ILL/Backend/opac-includes/create.inc index 8b22848d7e..91450d66d2 100644 --- a/Koha/ILL/Backend/opac-includes/create.inc +++ b/Koha/ILL/Backend/opac-includes/create.inc @@ -17,6 +17,7 @@ [% IF whole.stage == "form" %]

Create a manual ILL request

+ [% INCLUDE 'csrf-token.inc' %]
General details
    @@ -106,7 +107,7 @@ Cancel
- +
-- 2.39.5