From caf962fbaa4f52bfea12acfa02671cd6920f7a53 Mon Sep 17 00:00:00 2001
From: David Cook
Date: Wed, 30 Aug 2023 00:07:23 +0000
Subject: [PATCH] Bug 34650: Remove unnecessary CSRF check on edit_form

The op "edit_form" doesn't change state. It just renders the edit form. Therefore, it doesn't need a CSRF token/check.

Signed-off-by: Lucas Gass
Signed-off-by: Marcel de Rooy
Signed-off-by: Tomas Cohen Arazi
---
 .../prog/en/modules/virtualshelves/tables/shelves_results.tt | 1 -
 virtualshelves/shelves.pl | 1 -
 2 files changed, 2 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
index 3e792012f0..688cf9b6e5 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/tables/shelves_results.tt
@@ -39,7 +39,6 @@
 [%~ public = public | html ~%]
 [%~ IF can_manage_shelf ~%]
 [%~ action_block = '
' ~%]
- [%~ action_block = BLOCK ~%][%~ action_block | $raw ~%][%~ INCLUDE 'csrf-token.inc' | trim ~%][%~ END ~%]
 [%~ action_block = action_block _ '' ~%]
 [%~ action_block = action_block _ '' ~%]
 [%~ action_block = action_block _ '' ~%]
diff --git a/virtualshelves/shelves.pl b/virtualshelves/shelves.pl
index 33564f8333..a4a6e41ec7 100755
--- a/virtualshelves/shelves.pl
+++ b/virtualshelves/shelves.pl
@@ -64,7 +64,6 @@ if ( $op eq 'add_form' ) {
 # Only pass default
 $shelf = { allow_change_from_owner => 1 };
 } elsif ( $op eq 'edit_form' ) {
- output_and_exit_if_error($query, $cookie, $template, { check => 'csrf_token' });
 $shelfnumber = $query->param('shelfnumber');
 $shelf = Koha::Virtualshelves->find($shelfnumber);
--
2.39.5