From 9e263c79db8e36826acf8427a70f6c1936750b36 Mon Sep 17 00:00:00 2001
From: Lucas Gass
Date: Fri, 28 Jul 2023 14:51:25 +0000
Subject: [PATCH] Bug 34368: Add CSRF token to Content Management pages
Signed-off-by: Tomas Cohen Arazi
(cherry picked from commit eec0fb831a55b60ae847fe39d102253d82b03f4f)
Signed-off-by: danyonsewell
---
 .../prog/en/modules/tools/additional-contents.tt | 2 ++
 tools/additional-contents.pl | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/additional-contents.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/additional-contents.tt
index f3fac96fce..0ad6bcb818 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/tools/additional-contents.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/tools/additional-contents.tt
@@ -181,6 +181,7 @@
+ [% INCLUDE 'csrf-token.inc' %]
@@ -398,6 +399,7 @@
+ [% INCLUDE 'csrf-token.inc' %]
diff --git a/tools/additional-contents.pl b/tools/additional-contents.pl
index 7dabc9c4e5..1a58090806 100755
--- a/tools/additional-contents.pl
+++ b/tools/additional-contents.pl
@@ -28,7 +28,7 @@ use C4::Auth qw(get_template_and_user);
 use C4::Koha;
 use C4::Context;
 use C4::Log qw( logaction );
-use C4::Output qw(output_html_with_http_headers);
+use C4::Output qw(output_html_with_http_headers output_and_exit_if_error);
 use C4::Languages qw(getTranslatedLanguages);
 use Koha::DateUtils qw( dt_from_string output_pref );
@@ -84,6 +84,7 @@ if ( $op eq 'add_form' ) {
 );
 }
 elsif ( $op eq 'add_validate' ) {
+ output_and_exit_if_error($cgi, $cookie, $template, { check => 'csrf_token' });
 my $location = $cgi->param('location');
 my $code = $cgi->param('code');
 my $branchcode = $cgi->param('branchcode') || undef;
@@ -199,6 +200,7 @@ elsif ( $op eq 'add_validate' ) {
 }
 }
 elsif ( $op eq 'delete_confirmed' ) {
+ output_and_exit_if_error($cgi, $cookie, $template, { check => 'csrf_token' });
 my @ids = $cgi->multi_param('ids');
 my $deleted = eval {
--
2.39.5
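Review bot: The `csrf_token` check added at the top of the `add_validate` branch, and repeated in `delete_confirmed` in the following hunk, validates the token, but nothing visible ties either branch to POST; the lines below it read their inputs through `$cgi->param`, which CGI.pm also populates from the query string on a GET request. If `output_and_exit_if_error` does not enforce the method itself (its body is not on this page), a GET carrying the token would still be accepted, and the token would then appear in URLs, access logs and Referer headers. Consider making the method part of the branch condition, e.g. `elsif ( $op eq 'add_validate' && $cgi->request_method eq 'POST' ) {`, and the same for `delete_confirmed`. A one-line comment above each call, such as `# Must run before any parameter is read or any row is changed`, would also keep later edits from moving code above the check. Both branches continue past the end of their hunks.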