git.koha-community.org Git - koha.git/commit

author	Phil Ringnalda <phil@chetcolibrary.org>
	Fri, 30 Aug 2024 17:04:12 +0000 (10:04 -0700)
committer	Katrin Fischer <katrin.fischer@bsz-bw.de>
	Mon, 2 Sep 2024 14:36:17 +0000 (16:36 +0200)
commit	06f17d9f6a000423e07c9cbc84f2d06198a72567
tree	30fcc71908d032936acdb5bbc4d35b846be4dacc	tree \| snapshot
parent	48d8ac7befea8bdab01f0fa0e7acf5dc71a6718b	commit \| diff

Bug 37794: Fix form that POSTs without an op in Holds to pull

We intend not to have forms with method="post" without an op variable (so we
can check that the op starts with "cud-" as part of the CSRF protection), but
because of bug 37728 some were missed.

In Holds to pull that's the form which lets you change from the default
starting and ending date. Switching that to a GET at least lets you refresh
the page without getting a browser warning about resending a POST and maybe
having your credit card double-charged.

Test plan:
1. Without the patch, Circulation - Holds to pull - change the start date to
something earlier and click Submit
2. Refresh the page, get a warning about resubmitting data
3. Apply patch, Circulation - Holds to pull - change the start date to
something earlier and click Submit
4. Refresh the page, no warning

Sponsored-by: Chetco Community Public Library
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>