From e4c7f15c3fd6f6741f9960bb9d6da2f987f879f4 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Tue, 30 Jan 2024 12:13:36 +0100
Subject: [PATCH] Bug 34478: Log if CSRF is wrong (debug)
Signed-off-by: Jonathan Druart
---
 C4/Auth.pm | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 4cf7f7659b..9c541d8af8 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -644,13 +644,18 @@ sub get_template_and_user {
 my $op = $in->{query}->param('op');
 if ( defined $op && $op =~ m{^cud-} ) {
- C4::Output::output_and_exit( $in->{query}, $cookie, $template, 'wrong_csrf_token' )
- unless Koha::Token->new->check_csrf(
- {
- session_id => scalar $in->{query}->cookie('CGISESSID'),
- token => scalar $in->{query}->param('csrf_token'),
- }
- );
+ unless (
+ Koha::Token->new->check_csrf(
+ {
+ session_id => scalar $in->{query}->cookie('CGISESSID'),
+ token => scalar $in->{query}->param('csrf_token'),
+ }
+ )
+ )
+ {
+ Koha::Logger->get->debug("The form submission failed (Wrong CSRF token).");
+ C4::Output::output_and_exit( $in->{query}, $cookie, $template, 'wrong_csrf_token' );
+ }
 }
 return ( $template, $borrowernumber, $cookie, $flags );
--
2.39.5
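Review bot: The debug line added in the failure branch carries no request context, so rejected submissions cannot be told apart or correlated when the log is read; it is also emitted at debug level, which is presumably switched off in most production log configurations, so a failed CSRF check may leave no trace at all. Consider logging the operation with everything outside word characters and hyphens replaced (the `^cud-` match has no end anchor, so `$op` can carry arbitrary bytes, including newlines), e.g. `Koha::Logger->get->warn( "CSRF check failed for op " . ( $op =~ s/[^\w-]/?/gr ) );`, and keep the token and CGISESSID values out of the message. get_template_and_user starts and ends outside this hunk, so whether Koha::Logger is already loaded in C4/Auth.pm is not visible here; if it is not, a `use Koha::Logger;` is needed.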