From 67cedc9955f50c4d51b2e9a1f68ab0cac8e9a44f Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Wed, 5 Jun 2024 18:06:04 +0000 Subject: [PATCH] Bug 37039: Update discharge request with CSRF token The OPAC discharge page used a link with a GET parameter, but the script expects a POST request. This patch converts the link to a form with CSRF token included. To test, apply the patch and enable the useDischarge system preference if necessary. - Log in to the OPAC as a user with no checkouts or outstanding fees. - Click the "Ask for discharge" tab in the sidebar of the user summary page. - Click the "Ask for a discharge" button. - You should be redirected to a page that says "Your discharge request has been sent." Signed-off-by: David Nind Signed-off-by: Julian Maurice Signed-off-by: Martin Renvoize --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-discharge.tt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-discharge.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-discharge.tt index 6f061b22ca..96f019d796 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-discharge.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-discharge.tt @@ -52,7 +52,11 @@ [% IF has_checkouts %]
You cannot be discharged, you have checked out items. Please return items before asking for a discharge.
[% ELSE %] - Ask for a discharge +
+ [% INCLUDE 'csrf-token.inc' %] + + +
[% END %] [% END %] -- 2.39.5