[Koha] Koha CSRF protection

Nick Clemens nick at bywatersolutions.com
Sat Mar 2 02:25:39 NZDT 2024


Hello all!

We have pushed the CSRF work from 34478 and related bugs today. We know
there are more follow-ups needed, and have filed a series of bugs under an
omnibus:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192

We have a framapad where issues can be reported/found:
https://annuel.framapad.org/p/koha_34478_remaining

And we have bugs for each of the sections of the document. We need all
developers to submit patches when they encounter issues, and for other
users testing master to report found issues on the pad. Testers can report
issues on the pad as well.

There is a new coding guideline - all POSTs to forms in Koha will need to
include a CSRF token:
https://wiki.koha-community.org/wiki/Coding_Guidelines#Security

This has been a big work, many thanks to all involved, and there is still
work to be done, but this is an important fix that we must do.

You can reach out to me on IRC (kidclamp) or via email and I will do my
best to help anyone contribute.

Thanks,
Nick

-- 
Nick Clemens
ByWater Solutions
bywatersolutions.com
Phone: (888) 900-8944
Pronouns: (he/him/his)
Timezone: Eastern