From 1b1c8cacfb62684e0a79493cf4cf2344695199a1 Mon Sep 17 00:00:00 2001 From: Phil Ringnalda Date: Thu, 29 Aug 2024 16:18:52 -0700 Subject: [PATCH] Bug 37768: Fix form that POSTs without an op in itemtype administration We intend not to have forms with method="post" without an op variable (so we can check that the op starts with "cud-" as part of the CSRF protection), but because of bug 37728 some were missed. For itemtype administration, that's the "No, do not delete" cancel button when you decide not to delete an itemtype, which doesn't need to POST anything since it's just taking you back to the list of itemtypes. The only visible change from switching to a GET is that the URL ends with a "?" from a GET with no params, but someone can fix that by choosing one of our various link-as-a-cancel-button styles and switching it to a link in a bug that doesn't block an RM_priority bug. Test plan: 1. You aren't going to see a visible difference, so start with the patch applied 2. Administration - Item types 3. You need an itemtype that isn't in use to be able to delete it - ktd provides you with an unused Computer Files type, so click the Delete button for that row 4. In the "Are you sure..." page, click No, do not delete 5. Verify that you are back at the list of itemtypes, with only the "?" at the end of the URL to tell you that you did a GET rather than a POST Sponsored-by: Chetco Community Public Library Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer --- koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt index 9387c0c2e4..a2efed6ea6 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/itemtypes.tt @@ -379,8 +379,7 @@ -
- [% INCLUDE 'csrf-token.inc' %] +
-- 2.39.5