From 325b3e7c1087d920d2400f19e9cdf9770c0d75f8 Mon Sep 17 00:00:00 2001
From: Owen Leonard <oleonard@myacpl.org>
Date: Thu, 15 Feb 2024 17:07:01 +0000
Subject: [PATCH] Bug 34478: Convert authorised value delete link to POST form

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 .../prog/en/modules/admin/authorised_values.tt     | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
index 3ca17300ea..11ccab61a5 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/authorised_values.tt
@@ -297,8 +297,16 @@
                                                     <span>No limitation</span>
                                                 [% END # /IF loo.branches.size > 0 %]
                                             </td>
-                                            <td class="actions"><a href="/cgi-bin/koha/admin/authorised_values.pl?op=add_form&amp;id=[% loo.id | uri %]" class="btn btn-default btn-xs"><i class="fa-solid fa-pencil" aria-hidden="true"></i> Edit</a>
-                                            <a class="delete btn btn-default btn-xs" href="/cgi-bin/koha/admin/authorised_values.pl?op=delete&amp;searchfield=[% searchfield | uri %]&amp;id=[% loo.id | uri %]"><i class="fa fa-trash-can"></i> Delete</a></td>
+                                            <td class="actions">
+                                                <a href="/cgi-bin/koha/admin/authorised_values.pl?op=add_form&amp;id=[% loo.id | uri %]" class="btn btn-default btn-xs"><i class="fa-solid fa-pencil" aria-hidden="true"></i> Edit</a>
+                                                <form action="/cgi-bin/koha/admin/authorised_values.pl" method="post">
+                                                    [% INCLUDE 'csrf-token.inc' %]
+                                                    <input type="hidden" name="op" value="cud-delete" />
+                                                    <input type="hidden" name="searchfield" value="[% searchfield | html %]" />
+                                                    <input type="hidden" name="id" value="[% loo.id | html %]" />
+                                                    <button type="submit" class="delete btn btn-default btn-xs"><i class="fa fa-trash-can"></i> Delete</button>
+                                                </form>
+                                            </td>
                                         </tr>
                                     [% END # /FOREACH loop %]
                                 </tbody>
@@ -376,7 +384,7 @@
                 $("#branches option:first").attr("selected", "selected");
             }
 
-            $("a.delete").click(function(){
+            $(".delete").click(function(){
                 return confirm(_("Are you sure you want to delete this authorized value?"));
             });
             $('#category_search').change(function() {
-- 
2.39.5