From bc2bb899304e79f58ad17d5b95107a561c86dac9 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Fri, 9 Feb 2024 11:02:51 +0100 Subject: [PATCH] Bug 34478: (follow-up) Remove check_csrf from pl files Signed-off-by: Jonathan Druart --- members/deletemem.pl | 5 ----- tools/picture-upload.pl | 12 ------------ 2 files changed, 17 deletions(-) diff --git a/members/deletemem.pl b/members/deletemem.pl index 6d947611df..078296540d 100755 --- a/members/deletemem.pl +++ b/members/deletemem.pl @@ -117,11 +117,6 @@ if ( $op eq 'delete_confirm' or $countissues > 0 or $debits or $is_guarantor ) { ); } elsif ( $op eq 'cud-delete_confirmed' ) { - output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) - unless Koha::Token->new->check_csrf( { - session_id => $input->cookie('CGISESSID'), - token => scalar $input->param('csrf_token'), - }); my $patron = Koha::Patrons->find( $member ); diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl index 4eff4bd9b6..1c0cf9a725 100755 --- a/tools/picture-upload.pl +++ b/tools/picture-upload.pl @@ -87,12 +87,6 @@ our %errors = (); # Case is important in these operational values as the template must use case to be visually pleasing! if ( ( $op eq 'cud-Upload' ) && ($uploadfile || $uploadfiletext) ) { - output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' ) - unless Koha::Token->new->check_csrf({ - session_id => scalar $input->cookie('CGISESSID'), - token => scalar $input->param('csrf_token'), - }); - my $dirname = File::Temp::tempdir( CLEANUP => 1 ); my $filesuffix; if ( $uploadfilename =~ m/(\..+)$/i ) { 
@@ -191,12 +185,6 @@ elsif ( ( $op eq 'cud-Upload' ) && !$uploadfile ) {
 $template->param( filetype => $filetype );
 }
 elsif ( $op eq 'Delete' ) {
- output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
- unless Koha::Token->new->check_csrf({
- session_id => scalar $input->cookie('CGISESSID'),
- token => scalar $input->param('csrf_token'),
- });
-
 my $deleted = eval {
 Koha::Patron::Images->find( $borrowernumber )->delete;
 };
-- 
2.39.5
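Review bot: The `elsif ( $op eq 'Delete' )` branch in tools/picture-upload.pl is the only one of the three touched branches whose op value has no `cud-` prefix (the others are `cud-Upload` and `cud-delete_confirmed`), so after this removal nothing visible in the script validates a CSRF token before `Koha::Patron::Images->find( $borrowernumber )->delete` runs. The check that replaces `check_csrf` is not shown in this patch; if it applies only to POST requests or only to `cud-` ops, which the naming suggests but the patch does not establish, this branch would accept a request without a token and delete a patron image. I would rename the op in the same commit, `elsif ( $op eq 'cud-Delete' ) {`, together with the template that submits it, or keep the explicit check here until that is done. A regression test that sends each of the three ops without a valid token and expects rejection would confirm the central check covers them. The `elsif` chain starts and ends outside the hunk.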