From 8b9fcdae28b5cd12225b455902f3c676f7e63ee0 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Wed, 14 Feb 2024 09:45:45 +0100
Subject: [PATCH] Bug 36092: Pass sessionID at the end of get_template_and_user
It seems safer to pass the logged in user and session info at the end of the sub.
Signed-off-by: Kyle M Hall
Signed-off-by: Martin Renvoize
(cherry picked from commit 199b47e51220a22110436a2357481dc89d498537)
Signed-off-by: Fridolin Somers
---
 C4/Auth.pm | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index 5fe59f43c6..b20a2414fa 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -292,12 +292,12 @@ sub get_template_and_user {
 }
 my $borrowernumber;
+ my $patron;
 if ($user) {
 # It's possible for $user to be the borrowernumber if they don't have a
 # userid defined (and are logging in through some other method, such
 # as SSL certs against an email address)
- my $patron;
 $borrowernumber = getborrowernumber($user) if defined($user);
 if ( !defined($borrowernumber) && defined($user) ) {
 $patron = Koha::Patrons->find( $user );
@@ -313,12 +313,6 @@ sub get_template_and_user {
 # FIXME What to do if $patron does not exist?
 }
- # user info
- $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
- $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
- $template->param( logged_in_user => $patron );
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ) {
 require Koha::Virtualshelves;
 my $some_private_shelves = Koha::Virtualshelves->get_some_shelves(
@@ -407,8 +401,6 @@ sub get_template_and_user {
 }
 }
- $template->param( sessionID => $sessionID );
-
 if ( $in->{'type'} eq 'opac' ){
 require Koha::Virtualshelves;
 my $some_public_shelves = Koha::Virtualshelves->get_some_shelves(
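Review bot: In the first hunk (line 292), the hoisted `my $patron;` is now function-scoped, but nothing at the declaration says why: its reader is the `logged_in_user` param set in the last hunk (new line 624), some 330 lines further down. A comment on the declaration would help, for example `# Declared at sub scope: passed to the template as logged_in_user at the end of the sub`. It also stays undef when `$user` is false and, judging by the existing `FIXME What to do if $patron does not exist?`, possibly when the lookup finds nothing, so it is worth stating that templates must tolerate an undefined `logged_in_user`. The sub begins and ends outside this hunk.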
@@ -632,6 +624,12 @@ sub get_template_and_user {
 $cookie = $cookie_mgr->replace_in_list( $cookie, $languagecookie );
 }
+ # user info
+ $template->param( loggedinusername => $user ); # OBSOLETE - Do not reuse this in template, use logged_in_user.userid instead
+ $template->param( loggedinusernumber => $borrowernumber ); # FIXME Should be replaced with logged_in_user.borrowernumber
+ $template->param( logged_in_user => $patron );
+ $template->param( sessionID => $sessionID );
+
 return ( $template, $borrowernumber, $cookie, $flags );
 }
--
2.39.5
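Review bot: The added block publishes `$patron` and `$borrowernumber` next to the final `$user` and `$sessionID`, but both were resolved near line 300 and nothing here ties them to the session state at this point. If any path in the code in between (not shown in this patch) clears `$user` or `$sessionID`, for instance when a session is rejected, the template would still receive the earlier patron object as `logged_in_user`; a guard such as `$template->param( logged_in_user => $user ? $patron : undef );`, or resetting `$patron` wherever `$user` is reset, would close that gap. These params are also now set unconditionally, whereas the removed block at old line 316 appears to have sat inside `if ($user)`, so anonymous requests get explicit undef values; confirm no template tests for the keys' existence. A one-line comment like `# Set last so the template sees the final user and session state` would record why the block lives here.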