From 7e7159bf58f2dd1172737d0abe4bcfa15237c88e Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Fri, 4 Aug 2023 11:15:54 +0200
Subject: [PATCH] Bug 34478: Remove generate_csrf from pl

We do not longer need to generate_csrf from pl files

TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted

Bug 34478: [TO SQUASH] Remove generate_csrf from pl

Signed-off-by: Jonathan Druart
---
 Koha/REST/V1/OAuth/Client.pm     |  4 ----
 authorities/authorities-home.pl  |  5 -----
 authorities/detail.pl            |  1 -
 basket/sendbasket.pl             |  3 ---
 circ/circulation.pl              |  5 -----
 ill/ill-requests.pl              |  3 ---
 mainpage.pl                      |  2 --
 members/apikeys.pl               |  1 -
 members/boraccount.pl            |  5 -----
 members/deletemem.pl             |  1 -
 members/mancredit.pl             |  3 ---
 members/maninvoice.pl            |  3 ---
 members/member-flags.pl          |  2 --
 members/member-password.pl       |  1 -
 members/memberentry.pl           |  5 -----
 members/moremember.pl            |  5 -----
 members/paycollect.pl            |  2 --
 members/two_factor_auth.pl       |  3 ---
 opac/opac-alert-subscriptions.pl | 10 ----------
 opac/opac-memberentry.pl         |  9 ---------
 opac/opac-messaging.pl           |  5 -----
 opac/opac-sendbasket.pl          |  2 --
 opac/opac-user.pl                |  3 ---
 opac/sco/sco-main.pl             |  1 -
 tools/import_borrowers.pl        |  7 -------
 tools/picture-upload.pl          |  5 -----
 26 files changed, 96 deletions(-)

diff --git a/Koha/REST/V1/OAuth/Client.pm b/Koha/REST/V1/OAuth/Client.pm
index ad15a87967..6883ea9a6c 100644
--- a/Koha/REST/V1/OAuth/Client.pm
+++ b/Koha/REST/V1/OAuth/Client.pm
@@ -94,10 +94,6 @@ sub login {
             return $c->redirect_to( $uri . "?auth_error=$error" );
         }
     }
-    else {
-        # initial request, generate CSRF token
-        $state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );
-    }
 
     return $c->oauth2->get_token_p( $provider => { ( !$is_callback ? ( state => $state ) : () ), redirect_uri => $redirect_url . $provider . "/" . $interface } )->then(
         sub {
diff --git a/authorities/authorities-home.pl b/authorities/authorities-home.pl
index 467da48e77..de0be05000 100755
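Review bot: With the `else` branch gone, nothing in this hunk assigns `$state` for the initial (non-callback) request, yet `state => $state` is still passed to `get_token_p`, so the authorization request appears to go out with an undefined state parameter unless `$state` is now set earlier in `login` (outside the hunk). The OAuth `state` value is the anti-CSRF binding for this flow, and the branch just above redirects with `auth_error` on the callback, presumably after comparing the returned state, so removing its generation here is not equivalent to removing a template `csrf_token`: this is a Mojolicious controller, not a CGI script rendered through the template layer the commit message refers to. If generation is meant to move elsewhere, that assignment should be part of this patch; otherwise keep `$state = Koha::Token->new->generate_csrf( { session_id => $c->req->cookie('CGISESSID')->value } );` in the non-callback branch. `login` begins before this hunk.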
--- a/authorities/authorities-home.pl
+++ b/authorities/authorities-home.pl
@@ -113,11 +113,6 @@ if ( $op eq "do_search" ) {
     }
 
     $template->param( search_query => $search_query ) if C4::Context->preference('DumpSearchQueryTemplate');
-    $template->param(
-        csrf_token => Koha::Token->new->generate_csrf({
-            session_id => scalar $query->cookie('CGISESSID'),
-        }),
-    );
 
     # search history
     if (C4::Context->preference('EnableSearchHistory')) {
diff --git a/authorities/detail.pl b/authorities/detail.pl
index a95460958b..8915781dbd 100755
--- a/authorities/detail.pl
+++ b/authorities/detail.pl
@@ -230,7 +230,6 @@ $template->param(
     authtypetext => $type ? $type->authtypetext: "",
     authtypecode => $authtypecode,
     authority_types => $authority_types,
-    csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID') }),
     servers => $servers,
 );
 
diff --git a/basket/sendbasket.pl b/basket/sendbasket.pl
index e863497d32..e15f8a2e1f 100755
--- a/basket/sendbasket.pl
+++ b/basket/sendbasket.pl
@@ -124,9 +124,6 @@ else {
         url => "/cgi-bin/koha/basket/sendbasket.pl",
         suggestion => C4::Context->preference("suggestion"),
         virtualshelves => C4::Context->preference("virtualshelves"),
-        csrf_token => Koha::Token->new->generate_csrf(
-            { session_id => scalar $query->cookie('CGISESSID'), }
-        ),
     );
     output_html_with_http_headers $query, $cookie, $template->output;
 }
diff --git a/circ/circulation.pl b/circ/circulation.pl
index 9296d9e642..a1a264a201 100755
--- a/circ/circulation.pl
+++ b/circ/circulation.pl
@@ -705,9 +705,4 @@ $template->param(
     logged_in_user => $logged_in_user,
 );
 
-# Generate CSRF token for upload and delete image buttons
-$template->param(
-    csrf_token => Koha::Token->new->generate_csrf({ session_id => $query->cookie('CGISESSID'),}),
-);
-
 output_html_with_http_headers $query, $cookie, $template->output;
diff --git a/ill/ill-requests.pl b/ill/ill-requests.pl
index 2a1ed67848..d6cd2e2354 100755
--- a/ill/ill-requests.pl
+++ b/ill/ill-requests.pl
@@ -108,9 +108,6 @@ if ( $backends_available ) {
         $template->param(
             notices => $notices,
             request => $request,
-            csrf_token => Koha::Token->new->generate_csrf({
-                session_id => scalar $cgi->cookie('CGISESSID'),
-            }),
             ( $params->{tran_error} ?
                 ( tran_error => $params->{tran_error} ) : () ),
             ( $params->{tran_success} ?
diff --git a/mainpage.pl b/mainpage.pl
index e1c033f18a..855913ae72 100755
--- a/mainpage.pl
+++ b/mainpage.pl
@@ -37,7 +37,6 @@ use Koha::Suggestions;
 use Koha::BackgroundJobs;
 use Koha::CurbsidePickups;
 use Koha::Tickets;
-use Koha::Token;
 
 my $query = CGI->new;
 
@@ -70,7 +69,6 @@ my $koha_news = Koha::AdditionalContents->search_for_display(
 
 $template->param(
     koha_news => $koha_news,
-    csrf_token => Koha::Token->new->generate_csrf( { session_id => $query->cookie('CGISESSID'), } ),
     daily_quote => Koha::Quotes->get_daily_quote(),
 );
 
diff --git a/members/apikeys.pl b/members/apikeys.pl
index 5f1cd271ca..883c194886 100755
--- a/members/apikeys.pl
+++ b/members/apikeys.pl
@@ -123,7 +123,6 @@ if ($op) {
 
 $template->param(
     api_keys => Koha::ApiKeys->search({ patron_id => $patron_id }),
-    csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $cgi->cookie('CGISESSID') }),
     patron => $patron
 );
 
diff --git a/members/boraccount.pl b/members/boraccount.pl
index 5398f28ea6..086198d4d1 100755
--- a/members/boraccount.pl
+++ b/members/boraccount.pl
@@ -244,10 +244,6 @@ foreach my $renew_result(@renew_results) {
     };
 }
 
-my $csrf_token = Koha::Token->new->generate_csrf({
-    session_id => scalar $input->cookie('CGISESSID'),
-});
-
 $template->param(
     patron => $patron,
     finesview => 1,
@@ -258,7 +254,6 @@ $template->param(
     change_given => $change_given,
     renew_results => $renew_results_display,
     receipt_sent => $receipt_sent,
-    csrf_token => $csrf_token,
 );
 
 output_html_with_http_headers $input, $cookie, $template->output;
diff --git a/members/deletemem.pl b/members/deletemem.pl
index 31d930cc00..aedc5a6a4a 100755
--- a/members/deletemem.pl
+++ b/members/deletemem.pl
@@ -114,7 +114,6 @@ $template->param(
 if ( $op eq 'delete_confirm' or $countissues > 0 or $debits or $is_guarantor ) {
     $template->param(
         op => 'delete_confirm',
-        csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
     );
 }
 elsif ( $op eq 'delete_confirmed' ) {
diff --git a/members/mancredit.pl b/members/mancredit.pl
index e77c82defc..bd422863fb 100755
--- a/members/mancredit.pl
+++ b/members/mancredit.pl
@@ -141,9 +141,6 @@ else {
         patron => $patron,
         credit_types => \@credit_types,
         finesview => 1,
-        csrf_token => Koha::Token->new->generate_csrf(
-            { session_id => scalar $input->cookie('CGISESSID') }
-        ),
         available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:credit' })->as_list ],
     );
     output_html_with_http_headers $input, $cookie, $template->output;
diff --git a/members/maninvoice.pl b/members/maninvoice.pl
index 01464cf3a4..e622c553fa 100755
--- a/members/maninvoice.pl
+++ b/members/maninvoice.pl
@@ -227,9 +227,6 @@ my $debit_types = Koha::Account::DebitTypes->search_with_library_limits(
 
 $template->param(
     debit_types => $debit_types,
-    csrf_token => Koha::Token->new->generate_csrf(
-        { session_id => scalar $input->cookie('CGISESSID') }
-    ),
     patron => $patron,
     finesview => 1,
     available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:debit' })->as_list ],
diff --git a/members/member-flags.pl b/members/member-flags.pl
index 900a176ad5..3aa500b1c0 100755
--- a/members/member-flags.pl
+++ b/members/member-flags.pl
@@ -181,8 +181,6 @@ if ($input->param('newflags')) {
 $template->param(
     patron => $patron,
     loop => \@loop,
-    csrf_token =>
-        Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
     disable_superlibrarian_privs => C4::Context->preference('ProtectSuperlibrarianPrivileges') ? !C4::Context->IsSuperLibrarian : 0,
 );
 
diff --git a/members/member-password.pl b/members/member-password.pl
index d44f29d0f7..9b6ebd23b6 100755
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -97,7 +97,6 @@ if ( $newpassword and not @errors) {
 $template->param(
     patron => $patron,
     destination => $destination,
-    csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID'), }),
 );
 
 if ( scalar(@errors) ) {
diff --git a/members/memberentry.pl b/members/memberentry.pl
index 57e780cfec..76086cb411 100755
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@@ -809,11 +809,6 @@ $template->param(
     CanUpdatePasswordExpiration => $CanUpdatePasswordExpiration,
 );
 
-# Generate CSRF token
-$template->param( csrf_token =>
-    Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
-);
-
 # HouseboundModule data
 $template->param(
     housebound_role => Koha::Patron::HouseboundRoles->find($borrowernumber),
diff --git a/members/moremember.pl b/members/moremember.pl
index 2f70c48705..58822ce5bb 100755
--- a/members/moremember.pl
+++ b/members/moremember.pl
@@ -132,11 +132,6 @@ if ( !$patron->is_valid_age ) {
     $template->param( age_high => $patron->category->upperagelimit );
 }
 
-# Generate CSRF token for upload and delete image buttons
-$template->param(
-    csrf_token => Koha::Token->new->generate_csrf({ session_id => $input->cookie('CGISESSID'),}),
-);
-
 if (C4::Context->preference('ExtendedPatronAttributes')) {
     my @attributes = $patron->extended_attributes->as_list; # FIXME Must be improved!
     my @classes = uniq( map {$_->type->class} @attributes );
diff --git a/members/paycollect.pl b/members/paycollect.pl
index b189107f25..e90358ddd6 100755
--- a/members/paycollect.pl
+++ b/members/paycollect.pl
@@ -282,8 +282,6 @@ $template->param(
     borrowernumber => $borrowernumber, # some templates require global
     patron => $patron,
     total => $total_due,
-
-    csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID') } ),
     available_additional_fields => [ Koha::AdditionalFields->search({ tablename => 'accountlines:credit' })->as_list ],
 );
 
diff --git a/members/two_factor_auth.pl b/members/two_factor_auth.pl
index 81220c4b27..5a1e28860d 100755
--- a/members/two_factor_auth.pl
+++ b/members/two_factor_auth.pl
@@ -84,9 +84,6 @@ else {
 }
 
 $template->param(
-    csrf_token => Koha::Token->new->generate_csrf(
-        { session_id => scalar $cgi->cookie('CGISESSID') }
-    ),
     patron => $logged_in_user,
     op => $op,
 );
diff --git a/opac/opac-alert-subscriptions.pl b/opac/opac-alert-subscriptions.pl
index f6fd488d8e..86d1385f45 100755
--- a/opac/opac-alert-subscriptions.pl
+++ b/opac/opac-alert-subscriptions.pl
@@ -23,7 +23,6 @@ use C4::Auth qw( get_template_and_user );
 use C4::Context;
 use C4::Output qw( output_html_with_http_headers );
 use Koha::Patrons;
-use Koha::Token;
 
 my $query = CGI->new();
 
@@ -43,13 +42,4 @@ $template->param(
     referer => 'patron',
 );
 
-my $new_session_id = $query->cookie('CGISESSID');
-$template->param(
-    csrf_token => Koha::Token->new->generate_csrf(
-        {
-            session_id => $new_session_id,
-        }
-    ),
-);
-
 output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 51f03fca19..c7dcba0fd0 100755
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -336,9 +336,6 @@ elsif ( $action eq 'update' ) {
             empty_mandatory_fields => \@empty_mandatory_fields,
             invalid_form_fields => $invalidformfields,
             borrower => \%borrower,
-            csrf_token => Koha::Token->new->generate_csrf({
-                session_id => scalar $cgi->cookie('CGISESSID'),
-            }),
         );
 
         $template->param( patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ) );
@@ -384,9 +381,6 @@ elsif ( $action eq 'update' ) {
             nochanges => 1,
             borrower => $patron->unblessed,
             patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ),
-            csrf_token => Koha::Token->new->generate_csrf({
-                session_id => scalar $cgi->cookie('CGISESSID'),
-            }),
         );
     }
 }
@@ -398,9 +392,6 @@ elsif ( $action eq 'edit' ) {    #Display logged in borrower's data
     $template->param(
         borrower => $borrower,
         hidden => GetHiddenFields( $mandatory, 'edit' ),
-        csrf_token => Koha::Token->new->generate_csrf({
-            session_id => scalar $cgi->cookie('CGISESSID'),
-        }),
     );
 
     if (C4::Context->preference('OPACpatronimages')) {
diff --git a/opac/opac-messaging.pl b/opac/opac-messaging.pl
index 3fef7eb862..fd239a7614 100755
--- a/opac/opac-messaging.pl
+++ b/opac/opac-messaging.pl
@@ -92,11 +92,6 @@ if( $opac_messaging && C4::Context->preference("SMSSendDriver") eq 'Email' ) {
 }
 
 my $new_session_id = $query->cookie('CGISESSID');
-$template->param(
-    csrf_token => Koha::Token->new->generate_csrf({
-        session_id => $new_session_id,
-    }),
-);
 
 if ( C4::Context->preference('TranslateNotices') ) {
     my $translated_languages = C4::Languages::getTranslatedLanguages( 'opac', C4::Context->preference('template') );
diff --git a/opac/opac-sendbasket.pl b/opac/opac-sendbasket.pl
index d0ff9fc53a..9ffb46a220 100755
--- a/opac/opac-sendbasket.pl
+++ b/opac/opac-sendbasket.pl
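Review bot: In the opac-messaging.pl hunk, `my $new_session_id = $query->cookie('CGISESSID');` survives as a context line although its only visible consumer was the removed `generate_csrf` call, so unless it is read further down in the script (outside the hunk) it is now an unused variable and should be dropped in the same commit. Leaving it suggests the session id still feeds something on this page, which misleads the next reader auditing where tokens are bound.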
@@ -126,8 +126,6 @@ else {
         url => "/cgi-bin/koha/opac-sendbasket.pl",
         suggestion => C4::Context->preference("suggestion"),
         virtualshelves => C4::Context->preference("virtualshelves"),
-        csrf_token =>
-            Koha::Token->new->generate_csrf( { session_id => $new_session_id, } ),
     );
     output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };
 }
diff --git a/opac/opac-user.pl b/opac/opac-user.pl
index 5c7296b201..f053ed65e6 100755
--- a/opac/opac-user.pl
+++ b/opac/opac-user.pl
@@ -181,9 +181,6 @@ $template->param(
     surname => $borr->{surname},
     RENEW_ERROR => $renew_error,
     borrower => $borr,
-    csrf_token => Koha::Token->new->generate_csrf({
-        session_id => scalar $query->cookie('CGISESSID'),
-    }),
 );
 
 #get issued items ....
diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl
index 45d46b7d47..7f970717c8 100755
--- a/opac/sco/sco-main.pl
+++ b/opac/sco/sco-main.pl
@@ -367,7 +367,6 @@ if ( $patron) {
         my $patron_image = $patron->image;
         $template->param(
             display_patron_image => 1,
-            csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $query->cookie('CGISESSID') . $patron->cardnumber, id => $patron->userid } ),
         ) if $patron_image;
     }
 } else {
diff --git a/tools/import_borrowers.pl b/tools/import_borrowers.pl
index a02f14dc40..ffa452b795 100755
--- a/tools/import_borrowers.pl
+++ b/tools/import_borrowers.pl
@@ -176,13 +176,6 @@ else {
         }
         $template->param( matchpoints => \@matchpoints );
     }
-
-    $template->param(
-        csrf_token => Koha::Token->new->generate_csrf(
-            { session_id => scalar $input->cookie('CGISESSID'), }
-        ),
-    );
-
 }
 
 output_html_with_http_headers $input, $cookie, $template->output;
diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index 1f4c62b5de..b1d09a6c88 100755
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
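Review bot: The token removed in the sco-main.pl hunk was not the generic session-bound one: it appended `$patron->cardnumber` to the session id and passed `id => $patron->userid`, which presumably exists because self-checkout runs under a shared kiosk session rather than the patron's own login. Whatever now supplies `csrf_token` to sco-main.tt will be bound only to `CGISESSID`, so the matching `check_csrf` in sco-main.pl (outside this hunk) has to change in the same patch: if it still adds cardnumber and userid the form will be rejected, and if it is relaxed to session-only the token no longer ties the submission to the patron being displayed. The commit message lists sco-main.tt as a TODO; the verification side deserves the same note so the weakening is a deliberate decision rather than a side effect. The enclosing `if ( $patron )` block starts before the hunk.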
@@ -209,11 +209,6 @@ if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
             "/cgi-bin/koha/members/moremember.pl?borrowernumber=$borrowernumber");
     }
     else {
-        $template->param(
-            csrf_token => Koha::Token->new->generate_csrf({
-                session_id => scalar $input->cookie('CGISESSID'),
-            }),
-        );
         output_html_with_http_headers $input, $cookie, $template->output;
     }
 
-- 
2.39.5