Bug 20701: Add csrf protection to maninvoice.pl
author Nick Clemens <nick@bywatersolutions.com>
Thu, 3 May 2018 11:52:24 +0000 (11:52 +0000)
committer Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wed, 23 May 2018 15:19:33 +0000 (12:19 -0300)
commit d6f99f0df11e824353fa051b595b01bf8b4ac28d
tree 97463361fe1b802609926166e578208b2bd8eb97
parent fe8a617efd36826c405882adf96c9081aad5b137
Bug 20701: Add csrf protection to maninvoice.pl

To test:
1 - Be signed in to Koha
2 - Add a manual invoice to an account, works fine
3 - Now do it via url: http://localhost:8081/cgi-bin/koha/members/maninvoice.pl?borrowernumber=5&type=test&amount=5&add=Save
4 - Apply patches
5 - Test that everything continues to work as expected (but more securely)
6 - Try adding a new invoice via URL
7 - Should get 'internal server error' and wrong csrf token in logs

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
koha-tmpl/intranet-tmpl/prog/en/modules/members/maninvoice.tt
members/maninvoice.pl
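
The behaviour the test plan expects (steps 5 to 7), as an added example that is not the Koha patch or Koha's own token code: a session-bound token is checked before the add action runs, so the parameter set from step 3 is rejected while the form submission succeeds. The secret, session ids, function names and the `csrf_token` parameter name are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Hypothetical server-side secret; a real deployment loads it from configuration.
my $SECRET = 'constructed-example-secret';

# The token is an HMAC over the session id, so it is only valid in that session.
sub generate_csrf {
    my ($session_id) = @_;
    return hmac_sha256_hex( $session_id, $SECRET );
}

# Recompute the expected token and compare without an early exit on mismatch.
sub check_csrf {
    my ( $session_id, $token ) = @_;
    return 0 unless defined $token && length $token;
    my $expected = generate_csrf($session_id);
    return 0 unless length($token) == length($expected);
    my $diff = 0;
    $diff |= ord( substr( $token, $_, 1 ) ) ^ ord( substr( $expected, $_, 1 ) )
        for 0 .. length($expected) - 1;
    return $diff == 0 ? 1 : 0;
}

# Stand-in for the "add" branch of a manual invoice script (hypothetical).
sub handle_add {
    my ( $session_id, $params ) = @_;
    die "Wrong CSRF token\n"
        unless check_csrf( $session_id, $params->{csrf_token} );
    return "invoice added for borrower $params->{borrowernumber}";
}

# Constructed inputs: the parameters from step 3, with and without a token.
my $session       = 'constructed-session-id';
my %from_url      = ( borrowernumber => 5, type => 'test', amount => 5, add => 'Save' );
my %from_form     = ( %from_url, csrf_token => generate_csrf($session) );
my %other_session = ( %from_url, csrf_token => generate_csrf('another-session') );

for my $case ( [ 'form submission', \%from_form ],
               [ 'bare URL (step 6)', \%from_url ],
               [ 'token from another session', \%other_session ] ) {
    my ( $label, $params ) = @$case;
    my $result = eval { handle_add( $session, $params ) };
    ( my $error = $@ ) =~ s/\n\z//;
    printf "%-28s %s\n", $label, defined $result ? $result : "rejected: $error";
}
```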