From 1812097f40c8ab2efe77ff535381b76e18c8228a Mon Sep 17 00:00:00 2001 From: Owen Leonard Date: Thu, 23 May 2024 13:13:06 +0000 Subject: [PATCH] Bug 36946: Fix cud- error when processing offline circulations This patch fixes a CSRF token error when processing offline circulations. The form needed both the token parameter and to be sent as POST. To test, apply the patch and go to Circulation. - Go to Upload offline circulation file (.koc) - Upload a .koc file, add to offline circulation queue. - View pending offline circulation actions. - Check one or more transactions and click "Process" at the bottom of the page. - The process should complete without any JS errors, and the checkboxes should be replaced with the text "Success." - Perform the same test with the "Delete" button. Sponsored-By: Athens County Public Libraries Signed-off-by: David Nind Signed-off-by: Marcel de Rooy Signed-off-by: Katrin Fischer --- .../intranet-tmpl/prog/en/modules/offline_circ/list.tt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/list.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/list.tt index f1df1f6170..86b2fc6cdd 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/list.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/offline_circ/list.tt @@ -137,9 +137,14 @@ var cb = $(this); $.ajax({ url: "process.pl", - data: { 'op': 'cud-' + op, 'operationid': this.value }, + data: { + 'op': 'cud-' + op, + 'operationid': this.value, + 'csrf_token': $('meta[name="csrf-token"]').attr('content') + }, async: false, dataType: "text", + type: "POST", success: function(data) { if( data == "Added." ){ cb.replaceWith(_("Added.")); -- 2.39.5