]> git.koha-community.org Git - koha.git/commit
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used
authorKyle M Hall <kyle@bywatersolutions.com>
Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)
committerFridolin Somers <fridolin.somers@biblibre.com>
Fri, 28 Jul 2023 19:12:39 +0000 (09:12 -1000)
commit6aa54daa3eb9634298319bf793a3e7e3d92e285d
treee22c169d083f3dfd8025e6e094579bbeb8a91c89
parentdbe7d8f601831eab4671fdefdd643ede083a5e18
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
C4/Auth.pm
Koha/Template/Plugin/Koha.pm
koha-tmpl/intranet-tmpl/prog/en/includes/csrf-token.inc