
Bug 17109: [QA Follow-up] Die when wrong token

Removes template var csrf_error and associated handling.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Retested with opac and intranet: still sends, or dies elegantly.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
16.11.x
Marcel de Rooy 6 years ago
committed by Kyle M Hall
parent
commit
130733a013
  1. 9
      basket/sendbasket.pl
  2. 4
      koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
  3. 4
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
  4. 9
      opac/opac-sendbasket.pl

9
basket/sendbasket.pl

@ -50,19 +50,12 @@ my $email_add = $query->param('email_add');
my $dbh = C4::Context->dbh;
my $csrf_err;
if ( $email_add ) {
$csrf_err = 1 unless Koha::Token->new->check_csrf({
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
secret => md5_base64( C4::Context->config('pass') ),
token => scalar $query->param('csrf_token'),
});
}
if( $csrf_err ) {
$template->param( csrf_error => 1, email_add => 1 );
output_html_with_http_headers $query, $cookie, $template->output;
} elsif ( $email_add ) {
my $email = Koha::Email->new();
my %mail = $email->create_message_headers({ to => $email_add });
my $comment = $query->param('comment');
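Review bot: Nothing in this hunk restricts the send branch to POST, so on a GET request `$query->param('csrf_token')` on the `token =>` line takes the token from the query string, and tokens carried in URLs end up in access logs and Referer headers. If the cart form is submitted by POST (the form is not visible here), a guard ahead of the check such as `die "Wrong method" unless $query->request_method eq 'POST';` would keep the token out of URLs. The same lines appear in opac/opac-sendbasket.pl. The enclosing `if ( $email_add )` block continues past the end of the hunk.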

4
koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt

@ -10,10 +10,6 @@
<p>The cart was sent to: [% email_add |html %]</p>
<p><a class="focus close" href="#">Close window</a></p>
[% END %]
[% IF csrf_error %]
<p>No valid CSRF token!</p>
<p><a class="focus close" href="#">Close window</a></p>
[% END %]
[% IF ( error ) %]
<p>Problem sending the cart...</p>
[% END %]

4
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt

@ -19,10 +19,6 @@
<p><a class="focus close" href="#">Close window</a></p>
[% END %]
[% IF csrf_error %]
<p>No valid CSRF token!</p>
<p><a class="focus close" href="#">Close window</a></p>
[% END %]
[% IF ( error ) %]
<div class="alert">
<p>There was an error sending the cart.</p>

9
opac/opac-sendbasket.pl

@ -52,19 +52,12 @@ my $email_add = $query->param('email_add');
my $dbh = C4::Context->dbh;
my $csrf_err;
if ( $email_add ) {
$csrf_err = 1 unless Koha::Token->new->check_csrf({
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
id => C4::Context->userenv->{id},
secret => md5_base64( C4::Context->config('pass') ),
token => scalar $query->param('csrf_token'),
});
}
if( $csrf_err ) {
$template->param( csrf_error => 1, email_add => 1 );
output_html_with_http_headers $query, $cookie, $template->output;
} elsif ( $email_add ) {
my $email = Koha::Email->new();
my $user = GetMember(borrowernumber => $borrowernumber);
my $user_email = GetFirstValidEmailAddress($borrowernumber)
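Review bot: The `secret =>` context line still derives the CSRF secret from the database password with `md5_base64( C4::Context->config('pass') )`, which this commit leaves untouched here and in basket/sendbasket.pl. How Koha::Token uses the secret is not visible in this hunk, but if it keys a MAC over the token, anyone holding one token can test guesses of the database password offline, and the same secret is shared by every user. A dedicated random value from configuration would decouple the two; until then a comment such as `# TODO: CSRF secret is derived from the DB password; replace with a dedicated random secret` above the `secret =>` line would record the dependency.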
