]> git.koha-community.org Git - koha.git/commit
Bug 20701: Add csrf protection to maninvoice.pl
authorNick Clemens <nick@bywatersolutions.com>
Thu, 3 May 2018 11:52:24 +0000 (11:52 +0000)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 23 May 2018 15:19:33 +0000 (12:19 -0300)
commitd6f99f0df11e824353fa051b595b01bf8b4ac28d
tree97463361fe1b802609926166e578208b2bd8eb97
parentfe8a617efd36826c405882adf96c9081aad5b137
Bug 20701: Add csrf protection to maninvoice.pl

TO test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/maninvoice.tt
members/maninvoice.pl