Bug 17109: [QA Follow-up] Die when wrong token

Removes template var csrf_error and associated handling. Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Restested with opac and intranet: Still sends or dies elegantly.. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
7 years ago · 130733a013
4 changed files with 2 additions and 24 deletions
--- a/basket/sendbasket.pl
+++ b/basket/sendbasket.pl
@ -50,19 +50,12 @@ my $email_add    = $query->param('email_add');

 my $dbh          = C4::Context->dbh;

-my $csrf_err;
 if ( $email_add ) {
-    $csrf_err = 1 unless Koha::Token->new->check_csrf({
+    die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
        id     => C4::Context->userenv->{id},
        secret => md5_base64( C4::Context->config('pass') ),
        token  => scalar $query->param('csrf_token'),
    });
-}
-
-if( $csrf_err ) {
-    $template->param( csrf_error => 1, email_add => 1 );
-    output_html_with_http_headers $query, $cookie, $template->output;
-} elsif ( $email_add ) {
    my $email = Koha::Email->new();
    my %mail = $email->create_message_headers({ to => $email_add });
    my $comment    = $query->param('comment');
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
@ -10,10 +10,6 @@
        <p>The cart was sent to: [% email_add |html %]</p>
 		<p><a class="focus close" href="#">Close window</a></p>
 	[% END %]
-    [% IF csrf_error %]
-        <p>No valid CSRF token!</p>
-        <p><a class="focus close" href="#">Close window</a></p>
-    [% END %]
 	[% IF ( error ) %]
 	<p>Problem sending the cart...</p>
 	[% END %]
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
@ -19,10 +19,6 @@
                                <p><a class="focus close" href="#">Close window</a></p>
                            [% END %]

-                            [% IF csrf_error %]
-                                <p>No valid CSRF token!</p>
-                                <p><a class="focus close" href="#">Close window</a></p>
-                            [% END %]
                            [% IF ( error ) %]
                                <div class="alert">
                                    <p>There was an error sending the cart.</p>
--- a/opac/opac-sendbasket.pl
+++ b/opac/opac-sendbasket.pl
@ -52,19 +52,12 @@ my $email_add    = $query->param('email_add');

 my $dbh          = C4::Context->dbh;

-my $csrf_err;
 if ( $email_add ) {
-    $csrf_err = 1 unless Koha::Token->new->check_csrf({
+    die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
        id     => C4::Context->userenv->{id},
        secret => md5_base64( C4::Context->config('pass') ),
        token  => scalar $query->param('csrf_token'),
    });
-}
-
-if( $csrf_err ) {
-    $template->param( csrf_error => 1, email_add => 1 );
-    output_html_with_http_headers $query, $cookie, $template->output;
-} elsif ( $email_add ) {
    my $email = Koha::Email->new();
    my $user = GetMember(borrowernumber => $borrowernumber);
    my $user_email = GetFirstValidEmailAddress($borrowernumber)