From bad18ee246e77bcbc41810a6594676d69408df92 Mon Sep 17 00:00:00 2001
From: Fridolin Somers <fridolin.somers@biblibre.com>
Date: Tue, 23 Jun 2015 17:45:30 +0200
Subject: [PATCH] =?utf8?q?=C2=A0Bug=2014440:=20get=5Ftemplate=5Fand=5Fuser?=
 =?utf8?q?=20can=20not=20have=20an=20empty=20template=5Fname=20(opac-ratin?=
 =?utf8?q?gs.pl)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Mason James <mtj@kohaaloha.com>
---
 .../bootstrap/en/modules/opac-detail.tt       |  1 -
 opac/opac-ratings.pl                          | 23 ++++++-------------
 2 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
index f7c37dc3fd..536dc973f2 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
@@ -475,7 +475,6 @@
                                 <!-- define some hidden vars for ratings -->
 
                                 <input  type="hidden" name='biblionumber'  value="[% biblionumber %]" />
-                                <input  type="hidden" name='borrowernumber'  value="[% borrowernumber %]" />
                                 <input  type="hidden" name='rating_value' id='rating_value' value="[% rating_value %]" />
                                 <input  type="hidden" name='rating_total' id='rating_total' value="[% rating_total %]" />
                                 <input  type="hidden" name='rating_avg_int' id='rating_avg_int' value="[% rating_avg_int %]" />
diff --git a/opac/opac-ratings.pl b/opac/opac-ratings.pl
index b2bcf6fed9..a765608601 100755
--- a/opac/opac-ratings.pl
+++ b/opac/opac-ratings.pl
@@ -27,28 +27,19 @@ note: there is currently no 'delete rating' functionality in this script
 
 use strict;
 use warnings;
-use CGI;
+use CGI qw ( -utf8 );
 use CGI::Cookie;
-use C4::Auth qw(:DEFAULT check_cookie_auth);
+
+use C4::Auth;
 use C4::Context;
-use C4::Output;
-use C4::Dates qw(format_date);
-use C4::Biblio;
 use C4::Ratings;
 use C4::Debug;
 
 my $query = CGI->new();
-my $a     = $query->Vars;
-####  $a
-my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
-    {
-        template_name   => "",
-        query           => $query,
-        type            => "opac",
-        authnotrequired => 0,        # auth required to add tags
-        debug           => 0,
-    }
-);
+
+# auth required to add ratings
+my ($userid, $cookie, $sessionID) = checkauth( $query, 0, {}, 'opac' );
+my $loggedinuser = C4::Context->userenv->{'number'};
 
 my $biblionumber     = $query->param('biblionumber');
 my $rating_old_value = $query->param('rating_value');
-- 
2.39.5