Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects opac/opac-ratings.pl Test plan : - Apply patch - Set sysopref OpacStarRatings to 'results and details' - Disable Javascipt on your browser (otherwise it will use ajax) - Login at OPAC - Go to a record - Click on a button left of 'Rate me' to choose a rating, ie 4 - Click on 'Rate me' => The page is reloaded and you see 'your rating: 4' - Loggout from OPAC - Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl => You see the loggin page Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
2015-06-23 17:45:30 +02:00 · 2015-06-23 17:45:30 +02:00 · f1acb5615d
commit f1acb5615d
parent 015c26a5e3
2 changed files with 6 additions and 17 deletions
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
@ -498,7 +498,6 @@
                                <!-- define some hidden vars for ratings -->

                                <input  type="hidden" name='biblionumber'  value="[% biblionumber %]" />
-                                <input  type="hidden" name='borrowernumber'  value="[% borrowernumber %]" />
                                <input  type="hidden" name='rating_value' id='rating_value' value="[% rating_value %]" />
                                <input  type="hidden" name='rating_total' id='rating_total' value="[% rating_total %]" />
                                <input  type="hidden" name='rating_avg_int' id='rating_avg_int' value="[% rating_avg_int %]" />
--- a/opac/opac-ratings.pl
+++ b/opac/opac-ratings.pl
@ -28,27 +28,17 @@ note: there is currently no 'delete rating' functionality in this script
 use strict;
 use warnings;
 use CGI qw ( -utf8 );
-use CGI::Cookie;
-use C4::Auth qw(:DEFAULT check_cookie_auth);
+
+use C4::Auth;
 use C4::Context;
-use C4::Output;
-use C4::Dates qw(format_date);
-use C4::Biblio;
 use C4::Ratings;
 use C4::Debug;

 my $query = CGI->new();
-my $a     = $query->Vars;
-####  $a
-my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
-    {
-        template_name   => "",
-        query           => $query,
-        type            => "opac",
-        authnotrequired => 0,        # auth required to add tags
-        debug           => 0,
-    }
-);
+
+# auth required to add ratings
+my ($userid, $cookie, $sessionID) = checkauth( $query, 0, {}, 'opac' );
+my $loggedinuser = C4::Context->userenv->{'number'};

 my $biblionumber     = $query->param('biblionumber');
 my $rating_old_value = $query->param('rating_value');