From 65a434928869a06d56723b9431299f381da3f634 Mon Sep 17 00:00:00 2001 From: Tomas Cohen Arazi Date: Mon, 4 Mar 2024 17:44:59 -0300 Subject: [PATCH] Bug 36193: Fix acq receiving This patch addresses the CSRF error when receiving in acquisitions. To test: 1. Have at least one order to receive 2. Follow the steps to receive them 3. Have the logs open: $ ktd --shell k$ tail -f /var/log/koha/kohadev/*.log 4. Click to confirm receipt => FAIL: An error modal is displayed => FAIL: There's an error about missing CSRF token in POST 5. Apply this patch 6. Reload everything: k$ restart_all 7. Repeat 1-4 => SUCCESS: Receipt works :-D => SUCCESS: No error log 8. Sign off :-D Signed-off-by: Tomas Cohen Arazi Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer
---
 acqui/finishreceive.pl | 9 +++++++-- .../intranet-tmpl/prog/en/modules/acqui/orderreceive.tt | 1 + 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/acqui/finishreceive.pl b/acqui/finishreceive.pl
index a9803b8542..8419ac30be 100755
--- a/acqui/finishreceive.pl
+++ b/acqui/finishreceive.pl
@@ -36,9 +36,14 @@ use Koha::Number::Price;
 use Koha::Acquisition::Booksellers;
 use Koha::Acquisition::Orders;
+my $input = CGI->new;
-my $input=CGI->new;
-my $flagsrequired = {acquisition => 'order_receive'};
+if ( $input->request_method ne "POST" ) {
+ print $input->header( -status => 400 );
+ exit;
+}
+
+my $flagsrequired = { acquisition => 'order_receive' };
 checkauth($input, 0, $flagsrequired, 'intranet');
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt
index 1a13f058f7..9e6f5f7192 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/acqui/orderreceive.tt
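Review bot: The new method guard in `acqui/finishreceive.pl` answers every non-POST request with a bare `400` and carries no comment saying why the method is restricted. Since this script changes order state, the POST-only rule is what keeps the request on the path where the CSRF token is checked (that check is not visible in this hunk, so presumably it happens elsewhere in the stack); a comment such as `# State-changing endpoint: accept POST only so the CSRF token check applies` would record that. `405` with an `Allow` header describes the condition more precisely than `400`: `print $input->header( -status => '405 Method Not Allowed', -allow => 'POST' );`. The guard also runs before `checkauth`, so an unauthenticated GET gets the error instead of the login flow, which looks intentional but is worth confirming.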
@@ -681,6 +681,7 @@ [% END %]
 var _doSave = function(params) {
+ params.data.csrf_token = $('meta[name="csrf-token"]').attr('content');
 $.ajax($.extend({
 method: 'POST',
 url: '/cgi-bin/koha/acqui/finishreceive.pl'
--
2.39.5
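Review bot: The added line in `_doSave` assumes `params.data` is already a plain object: if a caller passes no `data` the assignment throws, and if it passes a pre-serialized string the property is silently dropped and the POST goes out without a token. The callers are outside this hunk, so this is inferred rather than confirmed. Building the payload as `params.data = $.extend({}, params.data, { csrf_token: $('meta[name="csrf-token"]').attr('content') });` handles a missing `data` and stops mutating the caller's object. If the `csrf-token` meta tag is absent from the page, `.attr('content')` is `undefined` and the request is sent without a usable token, so a console warning in that case would make the server-side rejection easier to diagnose. The body of `_doSave` continues past the end of the hunk.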