]> git.koha-community.org Git - koha.git/commit
Bug 21993: Display a user-friendly message when the CSRF token is wrong
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 12 Dec 2018 17:59:54 +0000 (14:59 -0300)
committerNick Clemens <nick@bywatersolutions.com>
Fri, 25 Jan 2019 20:38:32 +0000 (20:38 +0000)
commitb990b953b324dc18c013f94d1828b61bb5118c60
treec430ee06211f8d743af5deaad0e9320e868fa814
parentc61dc7863d00072c7d438c5b4b504bfbe428b65d
Bug 21993: Display a user-friendly message when the CSRF token is wrong

Instead of dying!

Test plan:
Assuming you have a patron with borrowernumber=51 and another one that
can be deleted with borrowernumber=42

- authorities-home.pl
 * Delete an authority record
 * hit /cgi-bin/koha/authorities/authorities-home.pl?op=delete

- basket/sendbasket.pl
 * Send a basket to someone
 * hit /cgi-bin/koha/basket/sendbasket.pl?email_add=1

- members/apikeys.pl
  * Generate and delete an API key for a patron
  * hit /cgi-bin/koha/members/apikeys.pl?patron_id=51&op=delete

- members/deletemem.pl
  * Delete a patron
  * hit /cgi-bin/koha/members/deletemem.pl?member=42&op=delete_confirmed

- members/mancredit.pl
  * Add a manual credit
  * hit /cgi-bin/koha/members/mancredit.pl?borrowernumber=51&add=1

- members/maninvoice.pl
  * Add a manual invoice
  * hit /cgi-bin/koha/members/maninvoice.pl?borrowernumber=51&add=1

- members/member-flags.pl
  * Change permissions for a patron
  * hit /cgi-bin/koha/members/member-flags.pl?member=51&newflags=1

- members/member-password.pl
  * Change the password for a patron (from the staff interface)
  * hit /cgi-bin/koha/members/member-password.pl?member=51&newpassword=aA1

- members/memberentry.pl
  * Edit some patron's info
  * hit /cgi-bin/koha/members/memberentry.pl?borrowernumber=51&op=save

- members/paycollect.pl
  * Pay an individual fine
  * hit something like /cgi-bin/koha/members/paycollect.pl?borrowernumber=51&pay_individual=1&accounttype=L&amount=1.00&amountoutstanding=1.00&accountlines_id=157&paid=1
  You may need to edit some values

- tools/import_borrowers.pl
  * Import some patrons
  * hit /cgi-bin/koha/tools/import_borrowers.pl?uploadborrowers=1

- tools/picture-upload.pl
  * Upload an image for a patron
  * You will need to edit the html content
  hit Home › Tools › Upload patron images
  then locate the csrf_token input and modify its value

Note for QA:
- Opac is not done as blocking_errors.inc does not exist for this
interface
- ill/ill-requests.pl
I did not manage to replace this occurrence

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
16 files changed:
authorities/authorities-home.pl
basket/sendbasket.pl
koha-tmpl/intranet-tmpl/prog/en/includes/blocking_errors.inc
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
koha-tmpl/intranet-tmpl/prog/en/modules/tools/import_borrowers.tt
koha-tmpl/intranet-tmpl/prog/en/modules/tools/picture-upload.tt
members/apikeys.pl
members/deletemem.pl
members/mancredit.pl
members/maninvoice.pl
members/member-flags.pl
members/member-password.pl
members/memberentry.pl
members/paycollect.pl
tools/import_borrowers.pl
tools/picture-upload.pl