From d2ee53fb5f90277d47fc56667e71018f5d9b88a9 Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Thu, 30 Mar 2017 10:20:30 +0200 Subject: [PATCH] Bug 18019: [QA Follow-up] Also catch the delete from authorities detail Good catch from Jonathan. See comment11. Authorities detail should pass a CSRF token to authorities-home when deleting a record without linked biblios. Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart Passing the token with GET is not a good way to do, but nothing quick to replace that. Signed-off-by: Kyle M Hall --- authorities/detail.pl | 2 ++ koha-tmpl/intranet-tmpl/prog/en/modules/authorities/detail.tt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/authorities/detail.pl b/authorities/detail.pl index 1ba280d38a..38af541a9b 100755 --- a/authorities/detail.pl +++ b/authorities/detail.pl @@ -50,6 +50,7 @@ use C4::Koha; use Koha::Authorities; use Koha::Authority::Types; +use Koha::Token; our ($tagslib); @@ -219,6 +220,7 @@ $template->param( authtypetext => $authority_types->find($authtypecode)->authtypetext, authtypecode => $authtypecode, authority_types => $authority_types, + csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID') }), ); $template->{VARS}->{marcflavour} = C4::Context->preference("marcflavour"); diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/detail.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/detail.tt index 295c325369..e1502325a2 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/detail.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/authorities/detail.tt @@ -34,7 +34,7 @@ function confirm_deletion() { var is_confirmed = confirm(_("Are you sure you want to delete this authority?")); if (is_confirmed) { - window.location="authorities-home.pl?op=delete&authid=[% authid %]"; + window.location="authorities-home.pl?op=delete&authid=[% authid %]&csrf_token=[% csrf_token %]"; } } function Dopop(link) { -- 2.20.1