From be2b61f9e510a3bca629e12422a4e3529a9e473d Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 5 Sep 2016 10:44:06 +0100 Subject: [PATCH] Bug 17146: Raise Wrong CSRF token warnin for the 'Delete' action Signed-off-by: Marcel de Rooy Signed-off-by: Kyle M Hall --- tools/picture-upload.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl index 6aeed8ace3..7e403bba71 100755 --- a/tools/picture-upload.pl +++ b/tools/picture-upload.pl @@ -173,6 +173,13 @@ elsif ( ( $op eq 'Upload' ) && !$uploadfile ) { $template->param( filetype => $filetype ); } elsif ( $op eq 'Delete' ) { + die "Wrong CSRF token" + unless Koha::Token->new->check_csrf({ + id => C4::Context->userenv->{id}, + secret => md5_base64( C4::Context->config('pass') ), + token => scalar $input->param('csrf_token'), + }); + my $deleted = eval { Koha::Patron::Images->find( $borrowernumber )->delete; }; -- 2.39.5