]> git.koha-community.org Git - koha.git/commit
bug 9401: remove direct reads of CGISESSID cookie by JavaScript
authorGalen Charlton <gmc@esilibrary.com>
Wed, 16 Jan 2013 05:45:00 +0000 (21:45 -0800)
committerJared Camins-Esakov <jcamins@cpbibliography.com>
Fri, 1 Feb 2013 16:05:35 +0000 (11:05 -0500)
commit6c1da551eae66936837c368cae88845a7ab9a686
tree0cf3417cc2abf0e19115dc9e9c228ce07d691211
parent0db3cccf87fdb14b5556a8a1044d89a5b2baabc5
bug 9401: remove direct reads of CGISESSID cookie by JavaScript

Having embedded JavaScript read the session cookie directly
is unnecessary and prevents the CGISESSID cookie being marked
httpOnly as a security measure.  The only Koha JS attempting
this was the AJAX tags code.

To test:

- In general, verify that there are no regression withs
  adding tags in the OPAC or reviewing them in the staff interface.
- In specific, for the OPAC
  - log into the OPAC
  - retrieve a bib record
  - add a tag
  - refresh the bib details page to verify that the
    tag was added
  - make sure the TagsInputOnList syspref is on
  - perform a search
  - add a tag to more than one record from the search results page
  - repeat the preceding using the CCSR theme
- And in the staff interface
  - Go to the review tags tool
  - Reject a tag
  - Refresh to verify that the tag was rejected

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
koha-tmpl/intranet-tmpl/prog/en/modules/tags/review.tt
koha-tmpl/opac-tmpl/ccsr/en/js/tags.js
koha-tmpl/opac-tmpl/prog/en/js/tags.js
opac/opac-tags.pl
tags/review.pl