From 06f17d9f6a000423e07c9cbc84f2d06198a72567 Mon Sep 17 00:00:00 2001
From: Phil Ringnalda
Date: Fri, 30 Aug 2024 10:04:12 -0700
Subject: [PATCH] Bug 37794: Fix form that POSTs without an op in Holds to pull

We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. In Holds to pull that's the form which lets you change from the default starting and ending date. Switching that to a GET at least lets you refresh the page without getting a browser warning about resending a POST and maybe having your credit card double-charged.

Test plan:
1. Without the patch, Circulation - Holds to pull - change the start date to something earlier and click Submit
2. Refresh the page, get a warning about resubmitting data
3. Apply patch, Circulation - Holds to pull - change the start date to something earlier and click Submit
4. Refresh the page, no warning

Sponsored-by: Chetco Community Public Library
Signed-off-by: Jonathan Druart
Signed-off-by: Katrin Fischer
---
 .../intranet-tmpl/prog/en/modules/circ/pendingreserves.tt | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/pendingreserves.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/pendingreserves.tt
index 55578ee95c..cd1c237287 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/circ/pendingreserves.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/circ/pendingreserves.tt
@@ -287,8 +287,7 @@
-
- [% INCLUDE 'csrf-token.inc' %] +

Refine results

    -- 2.39.5
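Review bot: Removing the [% INCLUDE 'csrf-token.inc' %] line from the "Refine results" form is only safe if the script behind this template treats the date-range submission as a pure read, and neither the commit message nor the test plan confirms that. Please state in the commit message that this path performs no write, and add a test-plan step checking that the forms in this template which do change state still POST with a "cud-" op and the token. The replacement form line is not legible in this copy of the hunk, so it is worth confirming that it sets the GET method explicitly rather than relying on the default. With GET the chosen dates also end up in the URL, which looks harmless for a date filter but should be a deliberate choice.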