git.koha-community.org Git - koha.git/commit

author	Nick Clemens <nick@bywatersolutions.com>
	Thu, 3 May 2018 11:52:24 +0000 (11:52 +0000)
committer	Fridolin Somers <fridolin.somers@biblibre.com>
	Wed, 23 May 2018 19:05:15 +0000 (21:05 +0200)
commit	cce493764a9ec4cfba2557731cbb452c1b3e07a2
tree	b47729471157d8a732d16ba19b299e0044304434	tree \| snapshot
parent	f2dfaf59a75773de83b4945aa8b8c5b1de94f13a	commit \| diff

Bug 20701: Add csrf protection to maninvoice.pl

TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Works OK.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
(cherry picked from commit 730d1fd57d982735522b3c7c1bc4d421255c2107)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>

koha-tmpl/intranet-tmpl/prog/en/modules/members/maninvoice.tt		diff \| blob \| history
members/maninvoice.pl		diff \| blob \| history