From 130733a0130d4cf2e522956165ee1d2c0557cceb Mon Sep 17 00:00:00 2001 From: Marcel de Rooy Date: Tue, 16 Aug 2016 14:20:36 +0200 Subject: [PATCH] Bug 17109: [QA Follow-up] Die when wrong token Removes template var csrf_error and associated handling. Signed-off-by: Marcel de Rooy Restested with opac and intranet: Still sends or dies elegantly.. Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall --- basket/sendbasket.pl | 9 +-------- .../prog/en/modules/basket/sendbasketform.tt | 4 ---- .../bootstrap/en/modules/opac-sendbasketform.tt | 4 ---- opac/opac-sendbasket.pl | 9 +-------- 4 files changed, 2 insertions(+), 24 deletions(-)
diff --git a/basket/sendbasket.pl b/basket/sendbasket.pl
index f54cabab8b..040ae09377 100755
--- a/basket/sendbasket.pl
+++ b/basket/sendbasket.pl
@@ -50,19 +50,12 @@ my $email_add = $query->param('email_add'); my $dbh = C4::Context->dbh;
-my $csrf_err;
 if ( $email_add ) {
- $csrf_err = 1 unless Koha::Token->new->check_csrf({
+ die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
 id => C4::Context->userenv->{id},
 secret => md5_base64( C4::Context->config('pass') ),
 token => scalar $query->param('csrf_token'),
 });
-}
-
-if( $csrf_err ) {
- $template->param( csrf_error => 1, email_add => 1 );
- output_html_with_http_headers $query, $cookie, $template->output;
-} elsif ( $email_add ) {
 my $email = Koha::Email->new();
 my %mail = $email->create_message_headers({ to => $email_add });
 my $comment = $query->param('comment');
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
index 07d004d341..b78a650ac8 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
@@ -10,10 +10,6 @@
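Review bot: In basket/sendbasket.pl the new `die "Wrong CSRF token"` turns a rejected token into an unhandled exception, which in a CGI script normally reaches the client as a generic HTTP 500 and lands in the error log without any indication of which session was involved. That makes a forged or stale request look the same as a server fault, which weakens detection. Including the session's user in the message, for example `die "Wrong CSRF token for " . C4::Context->userenv->{id} unless Koha::Token->new->check_csrf({`, would help triage, and answering with a 403 instead of 500 would match the nature of the failure if the project has a way to emit one. The same line is added in the opac/opac-sendbasket.pl hunk, and the `if ( $email_add ) {` block continues past the end of this hunk.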

The cart was sent to: [% email_add |html %]

Close window

[% END %] - [% IF csrf_error %] -

No valid CSRF token!

-

Close window

- [% END %] [% IF ( error ) %]

Problem sending the cart...

[% END %]
diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
index e1f8f60df6..fed5013093 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasketform.tt
@@ -19,10 +19,6 @@

Close window

[% END %] - [% IF csrf_error %] -

No valid CSRF token!

-

Close window

- [% END %] [% IF ( error ) %]

There was an error sending the cart.

diff --git a/opac/opac-sendbasket.pl b/opac/opac-sendbasket.pl
index 6b9ba4334d..77fc370e31 100755
--- a/opac/opac-sendbasket.pl
+++ b/opac/opac-sendbasket.pl
@@ -52,19 +52,12 @@ my $email_add = $query->param('email_add'); my $dbh = C4::Context->dbh;
-my $csrf_err;
 if ( $email_add ) {
- $csrf_err = 1 unless Koha::Token->new->check_csrf({
+ die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
 id => C4::Context->userenv->{id},
 secret => md5_base64( C4::Context->config('pass') ),
 token => scalar $query->param('csrf_token'),
 });
-}
-
-if( $csrf_err ) {
- $template->param( csrf_error => 1, email_add => 1 );
- output_html_with_http_headers $query, $cookie, $template->output;
-} elsif ( $email_add ) {
 my $email = Koha::Email->new();
 my $user = GetMember(borrowernumber => $borrowernumber);
 my $user_email = GetFirstValidEmailAddress($borrowernumber)
-- 
2.39.5
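Review bot: The context line `secret => md5_base64( C4::Context->config('pass') ),` in opac/opac-sendbasket.pl derives the CSRF secret from what appears to be the database password with a single unsalted MD5, and this commit keeps it unchanged here and in the basket/sendbasket.pl hunk. How Koha::Token combines the secret with the id is not visible in this patch, but if tokens are a deterministic function of it, every issued token ties the confidentiality of that password to the strength of the token construction, and changing the password invalidates outstanding tokens. A dedicated random secret would decouple the two, e.g. `secret => C4::Context->config('<csrf_secret_key_placeholder>'),` with the key name chosen by the project. Because the identical check_csrf block now lives in two scripts, a shared helper would keep later changes to it in one place. The `if ( $email_add ) {` block continues beyond the hunk.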