From b9140b31a5cd0f9842aaa65b576a9f3488a0fe0e Mon Sep 17 00:00:00 2001 From: Lucas Gass Date: Fri, 13 Jan 2023 19:01:55 +0000 Subject: [PATCH] Bug 31492: Set CSRF token in circulation.pl To test: * Turn on patronimages system preferences * Go to any patron account * Hover over the 'dummy image' for the Add button * Browse and select an image for upload * Saving results in the following error: The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again. Apply patch and try again. You shouldn't need to try twice, it should work on the first attempt now. Signed-off-by: David Nind Signed-off-by: David Cook Signed-off-by: Martin Renvoize (cherry picked from commit f0e6f25428a997076d29dd3daeb905befed254f8) Signed-off-by: Jacob O'Mara (cherry picked from commit 11d88ba12ff14a41a1d998d0286b258e356dd64a) Signed-off-by: Lucas Gass (cherry picked from commit 715afc2826f9794af3b47c652f02c1d3438ebae1) Signed-off-by: Arthur Suzuki --- circ/circulation.pl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/circ/circulation.pl b/circ/circulation.pl index 79d42ae47c..fed014feb0 100755 --- a/circ/circulation.pl +++ b/circ/circulation.pl @@ -54,6 +54,7 @@ use Koha::Items; use Koha::SearchEngine; use Koha::SearchEngine::Search; use Koha::Patron::Modifications; +use Koha::Token; use List::MoreUtils qw( uniq ); @@ -618,4 +619,9 @@ $template->param( logged_in_user => $logged_in_user, ); +# Generate CSRF token for upload and delete image buttons +$template->param( + csrf_token => Koha::Token->new->generate_csrf({ session_id => $query->cookie('CGISESSID'),}), +); + output_html_with_http_headers $query, $cookie, $template->output; -- 2.39.5
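Review bot: On the added `csrf_token => ...` line, `$query->cookie('CGISESSID')` is called inside the anonymous hash passed to `generate_csrf`, so it is evaluated in list context. CGI's `cookie()` is context-sensitive: with no session cookie it can return an empty list, leaving `session_id` without a value, and a cookie carrying several values would contribute extra elements to that hash. Because the cookie is client-supplied and the token is meant to be bound to the session, force scalar context: `csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID') }),`. The code that verifies this token is outside the patch, so it is worth confirming that it derives the session id the same way.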