]> git.koha-community.org Git - koha.git/commit
Bug 37074: Comment approval and un-approval should be CSRF-protected
authorOwen Leonard <oleonard@myacpl.org>
Wed, 12 Jun 2024 17:49:25 +0000 (17:49 +0000)
committerLucas Gass <lucas@bywatersolutions.com>
Thu, 25 Jul 2024 14:08:54 +0000 (14:08 +0000)
commite12b5150c6f33a7a6c16ed8ec7eefbf5442796af
tree57d952c911fde3e4d858a07d623bb4c091bec40b
parentf12ddeacbc47a67194a8a1c008b017706276fcea
Bug 37074: Comment approval and un-approval should be CSRF-protected

This patch converts the "Approve" and "Unapprove" controls in the staff
client's comment moderation page so that the operations are POST instead
of GET.

To test, apply the patch and restart services.

- If necessary, enable OPACComments and submit a few comments on a few
  titles in the OPAC
- Go to Tools -> Comments
- Test the process of approving, unapproving, and deleting comments

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
koha-tmpl/intranet-tmpl/prog/en/modules/reviews/reviewswaiting.tt
reviews/reviewswaiting.pl