]> git.koha-community.org Git - koha.git/commit
Bug 17109: Add CSRF token to [opac-]sendbasket
authorMarcel de Rooy <m.de.rooy@rijksmuseum.nl>
Thu, 11 Aug 2016 12:17:14 +0000 (14:17 +0200)
committerMason James <mtj@kohaaloha.com>
Wed, 3 May 2017 02:24:14 +0000 (14:24 +1200)
commit5a627a355e63d932f3d16114529e4f548915d3eb
tree0bd1fe4c391740a43e53be05a37d3f0e07511783
parentc55b093e79d404ff674dcccdb032a2d74cc398b9
Bug 17109: Add CSRF token to [opac-]sendbasket

If you have no (valid) token, you will not be able to send the message.

Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
    using the following URL:
    /cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
    This should now result in a csrf error.

Signed-off-by: Marc VĂ©ron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Mason James <mtj@kohaaloha.com>
basket/sendbasket.pl
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
opac/opac-sendbasket.pl