Bug 34478: Remove generate_csrf from pl

We no longer need to call generate_csrf from pl files

TODO - members/boraccount.tt and sco/sco-main.tt need to be adjusted

Bug 34478: [TO SQUASH] Remove generate_csrf from pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Jonathan Druart 2023-08-04 11:15:54 +02:00
parent 8596861127
commit 7e7159bf58
Signed by: jonathan.druart
GPG key ID: A085E712BEF0E0F0
26 changed files with 0 additions and 96 deletions


@ -94,10 +94,6 @@ sub login {
return $c->redirect_to( $uri . "?auth_error=$error" );
}
}
else {
# initial request, generate CSRF token
$state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );
}
return $c->oauth2->get_token_p( $provider => { ( !$is_callback ? ( state => $state ) : () ), redirect_uri => $redirect_url . $provider . "/" . $interface } )->then(
sub {
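Review bot: In `sub login`, the call that follows the deleted `else` branch still sends `state => $state` when `!$is_callback`, and the deleted branch was the only assignment to `$state` visible in this hunk. Unless `$state` is set elsewhere in the function (its body starts and ends outside the hunk), the initial OAuth2 request goes out without a session-bound `state`, so the callback has no value to compare against and the login flow loses its CSRF check. This token travels as a query parameter to the provider rather than as a form field, so the template-side generation that replaces the other call sites presumably does not cover it. I would keep the branch here: `else { $state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } ); }`.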


@ -113,11 +113,6 @@ if ( $op eq "do_search" ) {
}
$template->param( search_query => $search_query ) if C4::Context->preference('DumpSearchQueryTemplate');
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $query->cookie('CGISESSID'),
}),
);
# search history
if (C4::Context->preference('EnableSearchHistory')) {


@ -230,7 +230,6 @@ $template->param(
authtypetext => $type ? $type->authtypetext: "",
authtypecode => $authtypecode,
authority_types => $authority_types,
csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID') }),
servers => $servers,
);


@ -124,9 +124,6 @@ else {
url => "/cgi-bin/koha/basket/sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token => Koha::Token->new->generate_csrf(
{ session_id => scalar $query->cookie('CGISESSID'), }
),
);
output_html_with_http_headers $query, $cookie, $template->output;
}


@ -705,9 +705,4 @@ $template->param(
logged_in_user => $logged_in_user,
);
# Generate CSRF token for upload and delete image buttons
$template->param(
csrf_token => Koha::Token->new->generate_csrf({ session_id => $query->cookie('CGISESSID'),}),
);
output_html_with_http_headers $query, $cookie, $template->output;


@ -108,9 +108,6 @@ if ( $backends_available ) {
$template->param(
notices => $notices,
request => $request,
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $cgi->cookie('CGISESSID'),
}),
( $params->{tran_error} ?
( tran_error => $params->{tran_error} ) : () ),
( $params->{tran_success} ?


@ -37,7 +37,6 @@ use Koha::Suggestions;
use Koha::BackgroundJobs;
use Koha::CurbsidePickups;
use Koha::Tickets;
use Koha::Token;
my $query = CGI->new;
@ -70,7 +69,6 @@ my $koha_news = Koha::AdditionalContents->search_for_display(
$template->param(
koha_news => $koha_news,
csrf_token => Koha::Token->new->generate_csrf( { session_id => $query->cookie('CGISESSID'), } ),
daily_quote => Koha::Quotes->get_daily_quote(),
);


@ -123,7 +123,6 @@ if ($op) {
$template->param(
api_keys => Koha::ApiKeys->search({ patron_id => $patron_id }),
csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $cgi->cookie('CGISESSID') }),
patron => $patron
);


@ -244,10 +244,6 @@ foreach my $renew_result(@renew_results) {
};
}
my $csrf_token = Koha::Token->new->generate_csrf({
session_id => scalar $input->cookie('CGISESSID'),
});
$template->param(
patron => $patron,
finesview => 1,
@ -258,7 +254,6 @@ $template->param(
change_given => $change_given,
renew_results => $renew_results_display,
receipt_sent => $receipt_sent,
csrf_token => $csrf_token,
);
output_html_with_http_headers $input, $cookie, $template->output;


@ -114,7 +114,6 @@ $template->param(
if ( $op eq 'delete_confirm' or $countissues > 0 or $debits or $is_guarantor ) {
$template->param(
op => 'delete_confirm',
csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
);
} elsif ( $op eq 'delete_confirmed' ) {


@ -141,9 +141,6 @@ else {
patron => $patron,
credit_types => \@credit_types,
finesview => 1,
csrf_token => Koha::Token->new->generate_csrf(
{ session_id => scalar $input->cookie('CGISESSID') }
),
available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:credit' })->as_list ],
);
output_html_with_http_headers $input, $cookie, $template->output;


@ -227,9 +227,6 @@ my $debit_types = Koha::Account::DebitTypes->search_with_library_limits(
$template->param(
debit_types => $debit_types,
csrf_token => Koha::Token->new->generate_csrf(
{ session_id => scalar $input->cookie('CGISESSID') }
),
patron => $patron,
finesview => 1,
available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:debit' })->as_list ],


@ -181,8 +181,6 @@ if ($input->param('newflags')) {
$template->param(
patron => $patron,
loop => \@loop,
csrf_token =>
Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibrarianPrivileges') ? !C4::Context->IsSuperLibrarian : 0,
);


@ -97,7 +97,6 @@ if ( $newpassword and not @errors) {
$template->param(
patron => $patron,
destination => $destination,
csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID'), }),
);
if ( scalar(@errors) ) {


@ -809,11 +809,6 @@ $template->param(
CanUpdatePasswordExpiration => $CanUpdatePasswordExpiration,
);
# Generate CSRF token
$template->param( csrf_token =>
Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
);
# HouseboundModule data
$template->param(
housebound_role => Koha::Patron::HouseboundRoles->find($borrowernumber),


@ -132,11 +132,6 @@ if ( !$patron->is_valid_age ) {
$template->param( age_high => $patron->category->upperagelimit );
}
# Generate CSRF token for upload and delete image buttons
$template->param(
csrf_token => Koha::Token->new->generate_csrf({ session_id => $input->cookie('CGISESSID'),}),
);
if (C4::Context->preference('ExtendedPatronAttributes')) {
my @attributes = $patron->extended_attributes->as_list; # FIXME Must be improved!
my @classes = uniq( map {$_->type->class} @attributes );


@ -282,8 +282,6 @@ $template->param(
borrowernumber => $borrowernumber, # some templates require global
patron => $patron,
total => $total_due,
csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID') } ),
available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:credit' })->as_list ],
);


@ -84,9 +84,6 @@ else {
}
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ session_id => scalar $cgi->cookie('CGISESSID') }
),
patron => $logged_in_user,
op => $op,
);


@ -23,7 +23,6 @@ use C4::Auth qw( get_template_and_user );
use C4::Context;
use C4::Output qw( output_html_with_http_headers );
use Koha::Patrons;
use Koha::Token;
my $query = CGI->new();
@ -43,13 +42,4 @@ $template->param(
referer => 'patron',
);
my $new_session_id = $query->cookie('CGISESSID');
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{
session_id => $new_session_id,
}
),
);
output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };


@ -336,9 +336,6 @@ elsif ( $action eq 'update' ) {
empty_mandatory_fields => \@empty_mandatory_fields,
invalid_form_fields => $invalidformfields,
borrower => \%borrower,
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
$template->param( patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ) );
@ -384,9 +381,6 @@ elsif ( $action eq 'update' ) {
nochanges => 1,
borrower => $patron->unblessed,
patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ),
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
}
}
@ -398,9 +392,6 @@ elsif ( $action eq 'edit' ) { #Display logged in borrower's data
$template->param(
borrower => $borrower,
hidden => GetHiddenFields( $mandatory, 'edit' ),
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
if (C4::Context->preference('OPACpatronimages')) {


@ -92,11 +92,6 @@ if( $opac_messaging && C4::Context->preference("SMSSendDriver") eq 'Email' ) {
}
my $new_session_id = $query->cookie('CGISESSID');
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
session_id => $new_session_id,
}),
);
if ( C4::Context->preference('TranslateNotices') ) {
my $translated_languages = C4::Languages::getTranslatedLanguages( 'opac', C4::Context->preference('template') );


@ -126,8 +126,6 @@ else {
url => "/cgi-bin/koha/opac-sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
csrf_token =>
Koha::Token->new->generate_csrf( { session_id => $new_session_id, } ),
);
output_html_with_http_headers $query, $cookie, $template->output, undef,
{ force_no_caching => 1 };


@ -181,9 +181,6 @@ $template->param(
surname => $borr->{surname},
RENEW_ERROR => $renew_error,
borrower => $borr,
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $query->cookie('CGISESSID'),
}),
);
#get issued items ....


@ -367,7 +367,6 @@ if ( $patron) {
my $patron_image = $patron->image;
$template->param(
display_patron_image => 1,
csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $query->cookie('CGISESSID') . $patron->cardnumber, id => $patron->userid } ),
) if $patron_image;
}
} else {


@ -176,13 +176,6 @@ else {
}
$template->param( matchpoints => \@matchpoints );
}
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
{ session_id => scalar $input->cookie('CGISESSID'), }
),
);
}
output_html_with_http_headers $input, $cookie, $template->output;


@ -209,11 +209,6 @@ if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
"/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
}
else {
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
session_id => scalar $input->cookie('CGISESSID'),
}),
);
output_html_with_http_headers $input, $cookie, $template->output;
}