From f028eb20b6fcc2b8976a191bb37d9db04dd6ed1b Mon Sep 17 00:00:00 2001 From: Mason James Date: Wed, 3 May 2017 20:20:50 +1200 Subject: [PATCH] revert buggy CSRF in opac/opac-memberentry.pl --- opac/opac-memberentry.pl | 22 +--------------------- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl index d1b66158e3..bb30a61405 100755 --- a/opac/opac-memberentry.pl +++ b/opac/opac-memberentry.pl @@ -19,11 +19,7 @@ use Modern::Perl; use CGI qw ( -utf8 ); use Digest::MD5 qw( md5_base64 md5_hex ); -use JSON; -use List::MoreUtils qw( any each_array uniq ); use String::Random qw( random_string ); -use HTML::Entities; - use C4::Auth; use C4::Output; use C4::Members; @@ -35,7 +31,6 @@ use C4::Scrubber; use Email::Valid; use Koha::DateUtils; use Koha::Patron::Images; -use Koha::Token; my $cgi = new CGI; my $dbh = C4::Context->dbh; @@ -184,12 +179,6 @@ if ( $action eq 'create' ) { elsif ( $action eq 'update' ) { my $borrower = GetMember( borrowernumber => $borrowernumber ); - die "Wrong CSRF token" - unless Koha::Token->new->check_csrf({ - session_id => scalar $cgi->cookie('CGISESSID'), - token => scalar $cgi->param('csrf_token'), - }); - my %borrower = ParseCgiForBorrower($cgi); my %borrower_changes = DelEmptyFields(%borrower); @@ -204,10 +193,7 @@ elsif ( $action eq 'update' ) { $template->param( empty_mandatory_fields => \@empty_mandatory_fields, invalid_form_fields => $invalidformfields, - borrower => \%borrower, - csrf_token => Koha::Token->new->generate_csrf({ - session_id => scalar $cgi->cookie('CGISESSID'), - }), + borrower => \%borrower ); $template->param( action => 'edit' ); @@ -239,9 +225,6 @@ elsif ( $action eq 'update' ) { action => 'edit', nochanges => 1, borrower => GetMember( borrowernumber => $borrowernumber ), - csrf_token => Koha::Token->new->generate_csrf({ - session_id => scalar $cgi->cookie('CGISESSID'), - }), ); } } 
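Review bot: The `update` branch on the new side has no CSRF verification: it goes from `my $borrower = GetMember( borrowernumber => $borrowernumber );` straight to `my %borrower = ParseCgiForBorrower($cgi);`, so a state-changing request made with the patron's session cookie is accepted without proof that it came from the OPAC's own form. The revert also drops `csrf_token` from every `$template->param(...)` call it touches (the invalid-fields path, the `nochanges` path, and the `edit` branch in the last hunk), so the check cannot be re-enabled later without restoring those as well. The commit message only says the check was "buggy"; if it failed in one specific case, fixing that case would be safer than removing verification from the whole action. At minimum, leave a marker above the `ParseCgiForBorrower` call, for example `# FIXME: CSRF check for 'update' reverted in this commit; restore once the underlying bug is fixed`. The `update` and `edit` branches start and end outside these hunks, so whether another guard exists elsewhere in the file cannot be confirmed from here.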
@@ -261,9 +244,6 @@ elsif ( $action eq 'edit' ) { #Display logged in borrower's data borrower => $borrower, guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(), hidden => GetHiddenFields( $mandatory, 'modification' ), - csrf_token => Koha::Token->new->generate_csrf({ - session_id => scalar $cgi->cookie('CGISESSID'), - }), ); if (C4::Context->preference('OPACpatronimages')) { -- 2.39.5