From c50372c0b5c490971e4e336541aa85fbb45033d2 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 14 Feb 2024 09:45:45 +0100
Subject: [PATCH] Bug 36092: Pass sessionID at the end of get_template_and_user
It seems safer to pass the logged in user and session info at the end of the sub.
Signed-off-by: Kyle M Hall
Signed-off-by: Martin Renvoize
---
 C4/Auth.pm | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index b97cce2412..3abc894b2e 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -291,12 +291,12 @@ sub get_template_and_user {
 }
 my $borrowernumber;
+ my $patron;
 if ($user) {
 # It's possible for $user to be the borrowernumber if they don't have a
 # userid defined (and are logging in through some other method, such
 # as SSL certs against an email address)
- my $patron;
 $borrowernumber = getborrowernumber($user) if defined($user);
 if ( !defined($borrowernumber) && defined($user) ) {
 $patron = Koha::Patrons->find( $user );
@@ -312,12 +312,6 @@ sub get_template_and_user {
 # FIXME What to do if $patron does not exist?
 }
- # user info
- $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
- $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
- $template->param( logged_in_user => $patron );
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ) {
 require Koha::Virtualshelves;
 my $some_private_shelves = Koha::Virtualshelves->get_some_shelves(
@@ -406,8 +400,6 @@ sub get_template_and_user {
 }
 }
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ){
 require Koha::Virtualshelves;
 my $some_public_shelves = Koha::Virtualshelves->get_some_shelves(
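Review bot: The `my $patron;` declaration hoisted in the first hunk (new line 294) now lives for the whole of get_template_and_user, but nothing at the declaration says why it was widened or what an undef value means to later readers. Because the last hunk hands it to the template as `logged_in_user`, I would add a comment at the declaration such as `# Looked up below only when $user is set; stays undef otherwise and is passed to the template at the end of the sub`. The sub starts before and continues past this hunk, so whether anything else assigns `$patron` in between cannot be confirmed from the patch.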
@@ -632,6 +624,12 @@ sub get_template_and_user {
 $cookie = $cookie_mgr->replace_in_list( $cookie, $languagecookie );
 }
+ # user info
+ $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
+ $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
+ $template->param( logged_in_user => $patron );
+ $template->param( sessionID => $sessionID );
+
 return ( $template, $borrowernumber, $cookie, $flags );
 }
-- 
2.39.5
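Review bot: `logged_in_user => $patron` at new lines 627-631 is taken from a `$patron` that, as far as this patch shows, is only looked up in the `if ($user)` block near line 295, whereas `$user`, `$borrowernumber` and `$sessionID` are read here at their final values. If code between those two points resets `$user` or replaces the session (not visible in the patch, though the commit message implies the values can change), the template would receive a patron object that no longer matches `loggedinusername` and `sessionID`. Consider clearing `$patron` wherever `$user` is reset, or guarding here with `$template->param( logged_in_user => $user ? $patron : undef );`. The `sessionID` line also deserves a comment stating that this is the live session identifier and templates must never render it into page output. The sub begins outside this hunk, so any early `return` above line 624 that would skip these params cannot be ruled out from what is shown.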