From 789bdc2a489ebdc8984299add2b9081965b75605 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Demians?= <f.demians@tamil.fr>
Date: Thu, 23 May 2024 06:43:42 +0000
Subject: [PATCH] Revert "Bug 36532: Protect opac-dismiss-message.pl from
 malicious usages"

This reverts commit 2278d229e899cd279f62addd8275365718ad8cbb.
---
 .../bootstrap/en/includes/opac-note.inc         |  6 ------
 opac/opac-routing-lists.pl                      | 17 +----------------
 2 files changed, 1 insertion(+), 22 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-note.inc b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-note.inc
index 6352ff912c..22e6a068ce 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-note.inc
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/includes/opac-note.inc
@@ -7,12 +7,6 @@
                     <strong>[% message.message | html | html_line_break %]</strong><br>
                     &nbsp;&nbsp;&nbsp;<em>Written on [% message.message_date | $KohaDates %] by [% Branches.GetName(message.branchcode) | html %]</em>
                 </li>
-                <form id="dismiss-message-form" action="/cgi-bin/koha/opac-dismiss-message.pl" method="post">
-                    [% INCLUDE 'csrf-token.inc' %]
-                    <input type="hidden" name="message_id" value="[% message.message_id | html %]">
-                    <input type="hidden" name="op" value="cud-update" />
-                    <button type="submit" class="dismiss-message-button btn btn-primary"><i class="fa fa-trash" aria-hidden="true"></i> Dismiss</button>
-                </form>
             [% END %]
 
             [% IF ( opacnote ) %]<li>[% opacnote | html | html_line_break %]</li>[% END %]
diff --git a/opac/opac-routing-lists.pl b/opac/opac-routing-lists.pl
index 48e6383dfd..299bb29e78 100755
--- a/opac/opac-routing-lists.pl
+++ b/opac/opac-routing-lists.pl
@@ -39,22 +39,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
     }
 );
 
-my $logged_in_user = Koha::Patrons->find($borrowernumber);
-my $message_id     = $query->param('message_id');
-my $message        = $logged_in_user->messages->find($message_id);
-
-unless ($message) {
-    print $query->redirect("/cgi-bin/koha/errors/404.pl");
-    exit;
-}
-
-unless ( $op =~ /^cud-/ && $message ) {
-    # exit early
-    print $query->redirect("/cgi-bin/koha/opac-user.pl");
-    exit;
-}
-
-$message->update({ patron_read_date => dt_from_string });
+my $patron = Koha::Patrons->find( $borrowernumber );
 
 $template->param(
     routinglistsview => 1,
-- 
2.39.5