Browse Source

Bug 31492: Set CSRF token in circulation.pl

To test:
* Turn on patronimages system preferences
* Go to any patron account
* Hover over the 'dummy image' for the Add button
* Browse and select an image for upload
* Saving results in the following error:

The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.

Apply patch and try again. You shouldn't need to try twice, it should work on the first attempt now.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
master
Lucas Gass 2 weeks ago
committed by Martin Renvoize
parent
commit
f0e6f25428
Signed by: martin.renvoize GPG Key ID: 422B469130441A0F
  1. 6
      circ/circulation.pl

6
circ/circulation.pl

@ -54,6 +54,7 @@ use Koha::Items;
use Koha::SearchEngine;
use Koha::SearchEngine::Search;
use Koha::Patron::Modifications;
use Koha::Token;
use List::MoreUtils qw( uniq );
@ -636,4 +637,9 @@ $template->param(
logged_in_user => $logged_in_user,
);
# Generate CSRF token for upload and delete image buttons
$template->param(
csrf_token => Koha::Token->new->generate_csrf({ session_id => $query->cookie('CGISESSID'),}),
);
output_html_with_http_headers $query, $cookie, $template->output;

Loading…
Cancel
Save