Bug 36193: Fix acq receiving

This patch addresses the CSRF error when receiving in acquisitions.

To test:
1. Have at least one order to receive
2. Follow the steps to receive them
3. Have the logs open:
   $ ktd --shell
  k$ tail -f /var/log/koha/kohadev/*.log
4. Click to confirm receipt
=> FAIL: An error modal is displayed
=> FAIL: There's an error about missing CSRF token in POST
5. Apply this patch
6. Reload everything:
  k$ restart_all
7. Repeat 1-4
=> SUCCESS: Receipt works :-D
=> SUCCESS: No error log
8. Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

acqui/finishreceive.pl

@@ -36,9 +36,14 @@ use Koha::Number::Price;
 use Koha::Acquisition::Booksellers;
 use Koha::Acquisition::Orders;
 
+my $input = CGI->new;
 
-my $input=CGI->new;
-my $flagsrequired = {acquisition => 'order_receive'};
+if ( $input->request_method ne "POST" ) {
+    print $input->header( -status => 400 );
+    exit;
+}
+
+my $flagsrequired = { acquisition => 'order_receive' };
 
 checkauth($input, 0, $flagsrequired, 'intranet');
 

koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt

@@ -681,6 +681,7 @@
             [% END %]
 
             var _doSave = function(params) {
+                params.data.csrf_token = $('meta[name="csrf-token"]').attr('content');
                 $.ajax($.extend({
                     method: 'POST',
                     url: '/cgi-bin/koha/acqui/finishreceive.pl'