From aae125044d78f9f1a71bdc229b029db585422890 Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Mon, 13 May 2024 13:46:03 +0000 Subject: [PATCH] Bug 36838: Add CSRF token to tags review AJAX requests The JavaScript for approving or rejecting tags in the staff interface's tag review interface lacked a CSRF token for the POSTed requests. This patch adds the token for "approve" and "reject" operations. To test, apply the patch and clear your browser cache if necessary. - If necessary, enable tags in system preferences. - Log in to the OPAC and submit multiple tags on various records. - In the staff interface, go to Tools -> Tags. - Test the process of approving and rejecting tags by clicking the buttons in each row of the table of tags. - The browser console should show no errors, and the lists of approved and rejected tags should correctly show the tags you moderated. Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer --- koha-tmpl/intranet-tmpl/prog/js/pages/tags-review.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/koha-tmpl/intranet-tmpl/prog/js/pages/tags-review.js b/koha-tmpl/intranet-tmpl/prog/js/pages/tags-review.js index 39a349f196..af4c719ec8 100644 --- a/koha-tmpl/intranet-tmpl/prog/js/pages/tags-review.js +++ b/koha-tmpl/intranet-tmpl/prog/js/pages/tags-review.js @@ -105,6 +105,7 @@ $(document).ready(function() { data: { tag: $(event.target).attr("title"), op: 'cud-approve', + csrf_token: $('meta[name="csrf-token"]').attr('content') }, success: count_approve // success_approve })); @@ -127,6 +128,7 @@ $(document).ready(function() { data: { tag: $(event.target).attr("title"), op: 'cud-reject', + csrf_token: $('meta[name="csrf-token"]').attr('content') }, success: count_reject // success_reject })); -- 2.39.5