From 5a333e3cfa7dd55d4a1fa0d8a4e2cc40154029c4 Mon Sep 17 00:00:00 2001 From: Martin Renvoize Date: Thu, 15 Feb 2024 15:25:17 +0000 Subject: [PATCH] Bug 34478: Use op and cud in pay -> paycollect redirect The pay to paycollect post/redirect flow here doesn't actually consistute a state change, however it's much simpler to add the csrf token check flow here than to refactor the code to a get (url's quickly grow too large for a GET) or rework it in other ways. I opted to do this for now and work on a refactor at a future date. Signed-off-by: Jonathan Druart --- .../prog/en/modules/members/pay.tt | 16 ++++++------ members/pay.pl | 25 ++++++++----------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt index 1cfdc15407..8fc5ecf22b 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/pay.tt @@ -109,9 +109,9 @@ [% IF ( line.amountoutstanding > 0 ) %] - + [% IF CAN_user_updatecharges_writeoff %] - + [% END %] [% END %] @@ -185,7 +185,7 @@ [% IF outstanding_credits.total_outstanding < 0 %] Outstanding credits could be applied: - + Total due if credit applied: @@ -196,10 +196,12 @@
- - -[% IF CAN_user_updatecharges_writeoff %] -[% END %] + + +[% IF CAN_user_updatecharges_writeoff %] + + +[% END %] Cancel
diff --git a/members/pay.pl b/members/pay.pl index 19ab74bdc3..e9c9378003 100755 --- a/members/pay.pl +++ b/members/pay.pl @@ -76,29 +76,26 @@ $user ||= q{}; our $branch = C4::Context->userenv->{'branch'}; -if ( $input->param('paycollect') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); +my $op = $input->param('op') // q{}; + +if ( $op eq 'cud-paycollect' ) { print $input->redirect( "/cgi-bin/koha/members/paycollect.pl?borrowernumber=$borrowernumber&change_given=$change_given"); } -elsif ( $input->param('payselected') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); +elsif ( $op eq 'cud-payselected' ) { payselected({ params => \@names }); } -elsif ( $input->param('writeoff_selected') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); +elsif ( $op eq 'cud-writeoff_selected' ) { payselected({ params => \@names, type => 'WRITEOFF' }); } -elsif ( $input->param('woall') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); +elsif ( $op eq 'cud-woall' ) { writeoff_all(@names); } -elsif ( $input->param('apply_credits') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); +elsif ( $op eq 'cud-apply_credits' ) { apply_credits({ patron => $patron, cgi => $input }); } elsif ( $input->param('confirm_writeoff') ) { - output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' }); + #FIXME: This block really belongs in paycollect my $item_id = $input->param('itemnumber'); my $accountlines_id = $input->param('accountlines_id'); my $amount = $input->param('amountwrittenoff'); 
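Review bot: The `confirm_writeoff` branch drops its `output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' })` call yet still dispatches on `$input->param('confirm_writeoff')` rather than on a `cud-` op, so unlike the five branches above it nothing visible here ties that write-off to the token check the `cud-` convention is meant to provide; if the submitting form still posts `confirm_writeoff` without such an `op`, a state-changing path is left with no check at all. Bring it onto the same convention, `elsif ( $op eq 'cud-confirm_writeoff' ) {`, with the matching template change, or keep the explicit check on that branch. The empty `+` line left where the check stood can be dropped as well. The body of that branch continues past the end of the hunk.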
@@ -134,12 +131,10 @@ elsif ( $input->param('confirm_writeoff') ) {
 }
 
 for (@names) {
- if (/^pay_indiv_(\d+)$/) {
- output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' });
+ if ($op =~ /^cud-pay_indiv_(\d+)$/) {
 my $line_no = $1;
 redirect_to_paycollect( 'pay_individual', $line_no );
- } elsif (/^wo_indiv_(\d+)$/) {
- output_and_exit_if_error($input, $cookie, $template, { check => 'csrf_token' });
+ } elsif ($op =~ /^cud-wo_indiv_(\d+)$/) {
 my $line_no = $1;
 redirect_to_paycollect( 'writeoff_individual', $line_no );
 }
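Review bot: The `for (@names)` loop around the new `if ($op =~ /^cud-pay_indiv_(\d+)$/)` and `elsif ($op =~ /^cud-wo_indiv_(\d+)$/)` tests is now vestigial: both conditions read only `$op` and never `$_`, so the same match is re-evaluated once per entry of `@names`, and should `redirect_to_paycollect` return rather than exit, the redirect would be printed that many times. Hoist the two tests out of the loop so they run exactly once. The loop's closing brace lies beyond the hunk and would be removed with it.
```perl
if ( $op =~ /^cud-pay_indiv_(\d+)$/ ) {
    redirect_to_paycollect( 'pay_individual', $1 );
}
elsif ( $op =~ /^cud-wo_indiv_(\d+)$/ ) {
    redirect_to_paycollect( 'writeoff_individual', $1 );
}
```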