From 289a31371ddbee2d6da89950f9a151171c806b81 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 14 Feb 2024 09:45:45 +0100
Subject: [PATCH] Bug 36092: Pass sessionID at the end of get_template_and_user

It seems safer to pass the logged in user and session info at the end of the sub.

Signed-off-by: Kyle M Hall
Signed-off-by: Martin Renvoize
(cherry picked from commit c50372c0b5c490971e4e336541aa85fbb45033d2)
Signed-off-by: Aleisha Amohia
(cherry picked from commit 2ba597ea70612aec6880a583e9436da2367b5644)
---
 C4/Auth.pm | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 2096f8a31f..33f69a5152 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -277,12 +277,12 @@ sub get_template_and_user {
 }
 my $borrowernumber;
+ my $patron;
 if ($user) {
 # It's possible for $user to be the borrowernumber if they don't have a
 # userid defined (and are logging in through some other method, such
 # as SSL certs against an email address)
- my $patron;
 $borrowernumber = getborrowernumber($user) if defined($user);
 if ( !defined($borrowernumber) && defined($user) ) {
 $patron = Koha::Patrons->find( $user );
@@ -298,12 +298,6 @@ sub get_template_and_user {
 # FIXME What to do if $patron does not exist?
 }
- # user info
- $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
- $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
- $template->param( logged_in_user => $patron );
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ) {
 require Koha::Virtualshelves;
 my $some_private_shelves = Koha::Virtualshelves->get_some_shelves(
@@ -447,8 +441,6 @@ sub get_template_and_user {
 }
 }
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ){
 require Koha::Virtualshelves;
 my $some_public_shelves = Koha::Virtualshelves->get_some_shelves(
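Review bot: In the first hunk (`@@ -277,12 +277,12 @@`), `my $patron;` is now declared at sub scope without a value, so it stays undef whenever the `if ($user)` branch is skipped or, per the FIXME in the second hunk's context, no patron is found; the last hunk then passes it to the template as `logged_in_user` regardless. A comment on the declaration would make that contract explicit, for example `# undef for anonymous sessions or when no matching patron exists; handed to the template at the end of the sub`. The `# FIXME What to do if $patron does not exist?` is still open and now also determines what the template receives, so it is worth resolving or at least restating next to the declaration. The body of `get_template_and_user` starts and ends outside these hunks, so any other use of the name `$patron` between the declaration and the final `return` is not visible here and should be checked for shadowing.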
@@ -664,6 +656,12 @@ sub get_template_and_user {
 $cookie = $cookie_mgr->replace_in_list( $cookie, $languagecookie );
 }
+ # user info
+ $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
+ $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
+ $template->param( logged_in_user => $patron );
+ $template->param( sessionID => $sessionID );
+
 return ( $template, $borrowernumber, $cookie, $flags );
 }
-- 
2.39.5
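Review bot: `loggedinusername`, `loggedinusernumber` and `logged_in_user` are now set on every path that reaches the final `return`, whereas the two removal sites suggest they were previously set in only one branch, so templates may now receive them as undef or empty for requests without a logged-in user; it is worth confirming that no template or include treats the mere presence of these keys as "logged in". The commit message says only that the move "seems safer", so a comment recording why the block has to stay last would keep it from drifting back, for example `# Keep last: $user, $borrowernumber, $patron and $sessionID must carry their final values`. A regression test asserting that `sessionID` reaches the template on both the authenticated and the anonymous path would pin the behaviour this patch is after. The sub begins outside this hunk, so whether any earlier `return` bypasses the block cannot be told from here.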