From 13b0aa1262620d1a016fd32597f72594f057b956 Mon Sep 17 00:00:00 2001
From: Victor Grousset/tuxayo
Date: Tue, 14 May 2024 20:39:00 +0200
Subject: [PATCH] Bug 36598: (QA follow-up): tidy up code
Signed-off-by: Marcel de Rooy
Signed-off-by: Lucas Gass
---
 Koha/App/Plugin/CSRF.pm | 8 ++++++--
 t/db_dependent/mojo/csrf.t | 24 ++++++++++++++++--------
 2 files changed, 22 insertions(+), 10 deletions(-)
diff --git a/Koha/App/Plugin/CSRF.pm b/Koha/App/Plugin/CSRF.pm
index 5e487fb097..9a38c84afa 100644
--- a/Koha/App/Plugin/CSRF.pm
+++ b/Koha/App/Plugin/CSRF.pm
@@ -75,12 +75,16 @@ sub register {
 if ( $method eq 'GET' || $method eq 'HEAD' || $method eq 'OPTIONS' || $method eq 'TRACE' ) {
 my $op = $c->req->param('op');
 if ( $op && $op =~ /^cud-/ ) {
- return $c->reply->exception('Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"')->rendered(400);
+ return $c->reply->exception(
+ 'Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"')
+ ->rendered(400);
 }
 } else {
 my $op = $c->req->param('op');
 if ( $op && $op !~ /^cud-/ ) {
- return $c->reply->exception('Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"')->rendered(400);
+ return $c->reply->exception(
+ 'Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"')
+ ->rendered(400);
 }
 if ( $c->cookie('CGISESSID') && !$self->is_csrf_valid( $c->req ) ) {
diff --git a/t/db_dependent/mojo/csrf.t b/t/db_dependent/mojo/csrf.t
index 70ee65a812..511cf1a7ff 100755
--- a/t/db_dependent/mojo/csrf.t
+++ b/t/db_dependent/mojo/csrf.t
@@ -43,15 +43,19 @@ subtest 'CSRF - Intranet' => sub {
 subtest 'GETting what should be POSTed should fail' => sub {
 plan tests => 3;
- $t->get_ok('/cgi-bin/koha/mainpage.pl?op=cud-login')->status_is(400)
- ->content_like( qr/Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"/, 'Body contains correct error message' );
+ $t->get_ok('/cgi-bin/koha/mainpage.pl?op=cud-login')->status_is(400)->content_like(
+ qr/Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"/,
+ 'Body contains correct error message'
+ );
 };
 subtest 'POSTing what should be GET should fail' => sub {
 plan tests => 3;
- $t->post_ok('/cgi-bin/koha/mainpage.pl?op=login')->status_is(400)
- ->content_like( qr/Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"/, 'Body contains correct error message' );
+ $t->post_ok('/cgi-bin/koha/mainpage.pl?op=login')->status_is(400)->content_like(
+ qr/Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"/,
+ 'Body contains correct error message'
+ );
 };
 };
@@ -91,14 +95,18 @@ subtest 'CSRF - OPAC' => sub {
 subtest 'GETting what should be POSTed should fail' => sub {
 plan tests => 3;
- $t->get_ok('/cgi-bin/koha/opac-user.pl?op=cud-login')->status_is(400)
- ->content_like( qr/Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"/, 'Body contains correct error message' );
+ $t->get_ok('/cgi-bin/koha/opac-user.pl?op=cud-login')->status_is(400)->content_like(
+ qr/Incorrect use of a safe HTTP method with an `op` parameter that starts with "cud-"/,
+ 'Body contains correct error message'
+ );
 };
 subtest 'POSTing what should be GET should fail' => sub {
 plan tests => 3;
- $t->post_ok('/cgi-bin/koha/opac-user.pl?op=login')->status_is(400)
- ->content_like( qr/Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"/, 'Body contains correct error message' );
+ $t->post_ok('/cgi-bin/koha/opac-user.pl?op=login')->status_is(400)->content_like(
+ qr/Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-"/,
+ 'Body contains correct error message'
+ );
 };
 };
--
2.39.5