Bug 37407: Fix automatic checkout for fast cataloging

This patch adds a check for the referrer to the circulation page.
If the referrer is from the same origin's additem.pl then get the
barcode from the url parameters, fill the form and submit.

Test plan:
1. Apply patch
2. Enter a barcode not in the system, e.g. 99999
3. Click '+ Add record using fast cataloging'
4. Fill required bib fields 000, 008 and 245a and click 'Save'
5. Add required item field y - Koha item type and click 'Add item'
6. Notice the barcode is filled and the form is submitted automatically
7. Confirm the item is checked out and the duedate specified works
8. Add an html customization somewhere else in koha with a link like
   http://localhost:8081/cgi-bin/koha/circ/circulation.pl?borrowernumber=38&barcode=99999&duedatespec=&stickyduedate=
9. Click on the link to simulate a csrf attack
10. Confirm the checkout page is loaded for that patron but no checkout is made

Signed-off-by: Eric Garcia <cubingguy714@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Brendan Lawlor 2024-07-23 12:29:55 +00:00 committed by Martin Renvoize
parent 476776cc5b
commit 620dbcde87
Signed by: martin.renvoize
GPG key ID: 422B469130441A0F

@ -1135,6 +1135,16 @@
}
});
[% END %]
// Handle checkout for fast cataloging
// Check the referrer to prevent csrf, fill and submit form
if(document.referrer.split('?')[0] === window.location.origin +'/cgi-bin/koha/cataloguing/additem.pl') {
let urlParams = new URLSearchParams(window.location.search);
let barcode = urlParams.get('barcode');
$('#barcode').val(barcode);
$('#mainform').submit();
}
});
</script>
[% INCLUDE 'str/members-menu.inc' %]
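Review bot: the new `if` block does not guard against a missing `barcode` query parameter: `urlParams.get('barcode')` returns `null` when it is absent, so `$('#barcode').val(barcode)` clears the field and `$('#mainform').submit()` still fires with an empty barcode. Wrap the fill-and-submit in `if (barcode) { ... }`. The comment "Check the referrer to prevent csrf" also overstates what this client-side check does: `document.referrer` is empty when a Referrer-Policy strips it, in which case the auto-submit silently never runs, and a browser-side referrer comparison cannot substitute for server-side validation of the checkout POST. Suggest rewording the comment to say the referrer check only decides whether to auto-submit, and adding a short note that manual submission is the fallback when the referrer is unavailable.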