From 4390b7be0440749aba111cd27de343a9c86d9564 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 29 Jul 2021 11:16:40 +0200
Subject: [PATCH] Bug 28785: Adjust check_cookie_auth calls

The previous patch makes check_cookie_auth return the session instead of $sessionID, so we are adjusting the different calls to prevent confusion. However they are mainly used to check the authentication status and don't care about this second variable.

Signed-off-by: Owen Leonard
Signed-off-by: Martin Renvoize
Signed-off-by: Jonathan Druart
---
 Koha/REST/V1/Auth.pm | 3 +--
 admin/import_export_framework.pl | 4 ++--
 authorities/merge_ajax.pl | 2 +-
 authorities/ysearch.pl | 2 +-
 cataloguing/merge_ajax.pl | 2 +-
 cataloguing/ysearch.pl | 2 +-
 circ/ysearch.pl | 2 +-
 offline_circ/service.pl | 2 +-
 opac/opac-patron-image.pl | 2 +-
 opac/opac-ratings-ajax.pl | 2 +-
 opac/opac-tags.pl | 2 +-
 opac/svc/checkout_notes | 2 +-
 opac/svc/club/cancel_enrollment | 2 +-
 opac/svc/club/enroll | 2 +-
 plugins/plugins-enable.pl | 2 +-
 serials/create-numberpattern.pl | 2 +-
 serials/subscription-frequency.pl | 2 +-
 serials/subscription-numberpattern.pl | 2 +-
 svc/article_request | 2 +-
 svc/authorised_values | 1 -
 svc/barcode | 2 +-
 svc/cataloguing/automatic_linker.pl | 2 +-
 svc/checkin | 2 +-
 svc/checkout_notes | 2 +-
 svc/checkouts | 5 ++---
 svc/club/cancel_enrollment | 2 +-
 svc/club/delete | 2 +-
 svc/club/enroll | 2 +-
 svc/club/template/delete | 2 +-
 svc/cover_images | 2 +-
 svc/creator_batches | 2 +-
 svc/hold/resume | 2 +-
 svc/hold/suspend | 2 +-
 svc/holds | 2 +-
 svc/mana/increment | 2 +-
 svc/mana/search | 2 +-
 svc/mana/share | 2 +-
 svc/mana/use | 2 +-
 svc/members/add_to_list | 2 +-
 svc/problem_reports | 2 +-
 svc/renew | 2 +-
 svc/return_claims | 5 ++---
 tags/review.pl | 2 +-
 tools/background-job-progress.pl | 3 ++-
 tools/batch_records_ajax.pl | 2 +-
 tools/upload-file.pl | 2 +-
 46 files changed, 49 insertions(+), 52 deletions(-)
diff --git a/Koha/REST/V1/Auth.pm b/Koha/REST/V1/Auth.pm
index 2361aae361..e773555d58 100644
--- a/Koha/REST/V1/Auth.pm
+++ b/Koha/REST/V1/Auth.pm
@@ -216,11 +216,10 @@ sub authenticate_api_request {
 # Mojo doesn't use %ENV the way CGI apps do
 # Manually pass the remote_address to check_auth_cookie
 my $remote_addr = $c->tx->remote_address;
- my ($status, $sessionID) = check_cookie_auth(
+ my ($status, $session) = check_cookie_auth(
 $cookie, undef, { remote_addr => $remote_addr });
 if ($status eq "ok") {
- my $session = get_session($sessionID);
 $user = Koha::Patrons->find( $session->param('number') ) unless $session->param('sessiontype') and $session->param('sessiontype') eq 'anon';
diff --git a/admin/import_export_framework.pl b/admin/import_export_framework.pl
index 735915d49f..b2dec83dad 100755
--- a/admin/import_export_framework.pl
+++ b/admin/import_export_framework.pl
@@ -27,9 +27,9 @@ use C4::ImportExportFramework qw( createODS ExportFramework ImportFramework );
 my %cookies = CGI::Cookie->fetch();
 my $authenticated = 0;
-my ($auth_status, $sessionID);
+my ($auth_status);
 if (exists $cookies{'CGISESSID'}) {
- ($auth_status, $sessionID) = check_cookie_auth(
+ ($auth_status, undef) = check_cookie_auth(
 $cookies{'CGISESSID'}->value, { parameters => 'manage_marc_frameworks' }, );
diff --git a/authorities/merge_ajax.pl b/authorities/merge_ajax.pl
index 2bd17d0064..b4e489be5e 100755
--- a/authorities/merge_ajax.pl
+++ b/authorities/merge_ajax.pl
@@ -11,7 +11,7 @@ use C4::Auth qw( check_cookie_auth );
 use C4::AuthoritiesMarc qw( GetTagsLabels );
 my %cookies = CGI::Cookie->fetch;
-my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' });
+my ($auth_status) = check_cookie_auth($cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' });
 my $reply = CGI->new;
 if ($auth_status ne "ok") {
 print $reply->header(-type => 'text/html');
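Review bot: In admin/import_export_framework.pl the new assignment `($auth_status, undef) = check_cookie_auth(` keeps a placeholder for a value nobody reads, while every other call site touched by this patch uses the single-element list form. Writing `($auth_status) = check_cookie_auth(` and declaring `my $auth_status;` without parentheses would match them. The rest of the script lies outside the hunk.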
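Review bot: In authorities/merge_ajax.pl the rewritten call still dereferences `$cookies{'CGISESSID'}->value` without checking that the cookie exists, so a request that carries no session cookie dies on an undefined value before the `$auth_status ne "ok"` branch can answer. admin/import_export_framework.pl in this same patch guards the call with `exists $cookies{'CGISESSID'}`; the same guard, or `my $sessid = $cookies{'CGISESSID'} ? $cookies{'CGISESSID'}->value : undef;`, would let the script fail through its normal denial path. The unguarded form also appears in other scripts in this patch, for example cataloguing/merge_ajax.pl and tools/background-job-progress.pl. How check_cookie_auth treats an undefined cookie value is not visible here and should be confirmed.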
diff --git a/authorities/ysearch.pl b/authorities/ysearch.pl
index fc3d51fa85..3a58fe9758 100755
--- a/authorities/ysearch.pl
+++ b/authorities/ysearch.pl
@@ -40,7 +40,7 @@ use Koha::SearchEngine::QueryBuilder;
 my $query = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { catalogue => 1 } );
+my ( $auth_status) = check_cookie_auth( $query->cookie('CGISESSID'), { catalogue => 1 } );
 if ( $auth_status ne "ok" ) {
 # send empty response
diff --git a/cataloguing/merge_ajax.pl b/cataloguing/merge_ajax.pl
index 6a76a45fb9..ca4543690e 100755
--- a/cataloguing/merge_ajax.pl
+++ b/cataloguing/merge_ajax.pl
@@ -11,7 +11,7 @@ use C4::Biblio qw( GetMarcStructure );
 use C4::Auth qw( check_cookie_auth );
 my %cookies = CGI::Cookie->fetch;
-my ( $auth_status, $sessionID ) = check_cookie_auth(
+my ( $auth_status ) = check_cookie_auth(
 $cookies{'CGISESSID'}->value, { editcatalogue => 'edit_catalogue' }, );
 my $reply = CGI->new;
diff --git a/cataloguing/ysearch.pl b/cataloguing/ysearch.pl
index 87a9aaa039..7216d559b0 100755
--- a/cataloguing/ysearch.pl
+++ b/cataloguing/ysearch.pl
@@ -42,7 +42,7 @@ die() unless ($table eq "biblioitems");
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { editcatalogue => '*' } );
+my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { editcatalogue => '*' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/circ/ysearch.pl b/circ/ysearch.pl
index dd04aaf966..efe1a62d24 100755
--- a/circ/ysearch.pl
+++ b/circ/ysearch.pl
@@ -40,7 +40,7 @@ my $query = $input->param('term');
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } );
+my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '1' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/offline_circ/service.pl b/offline_circ/service.pl
index 00ae314c0f..2d7ad951db 100755
--- a/offline_circ/service.pl
+++ b/offline_circ/service.pl
@@ -34,7 +34,7 @@ my $nocookie = $cgi->param('nocookie') || 0;
 # get the status of the user, this will check his credentials and rights
 my ($status, $cookie, $sessionId) = C4::Auth::check_api_auth($cgi, undef);
-($status, $sessionId) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
+($status) = C4::Auth::check_cookie_auth($cgi, undef) if ($status ne 'ok' && !$nocookie);
 my $result;
diff --git a/opac/opac-patron-image.pl b/opac/opac-patron-image.pl
index 3f1efb8a47..df1efdf4ef 100755
--- a/opac/opac-patron-image.pl
+++ b/opac/opac-patron-image.pl
@@ -35,7 +35,7 @@ unless (C4::Context->preference('OPACpatronimages')) {
 my $needed_flags;
 my %cookies = CGI::Cookie->fetch;
 my $sessid = $cookies{'CGISESSID'}->value;
-my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
+my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
 my $borrowernumber = C4::Context->userenv->{'number'};
 my $patron_image = Koha::Patron::Images->find($borrowernumber);
diff --git a/opac/opac-ratings-ajax.pl b/opac/opac-ratings-ajax.pl
index 2f43762c05..dcbeaebabb 100755
--- a/opac/opac-ratings-ajax.pl
+++ b/opac/opac-ratings-ajax.pl
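Review bot: In offline_circ/service.pl the fallback passes the CGI object itself, `C4::Auth::check_cookie_auth($cgi, undef)`, while every other call in this patch passes the session cookie value as the first argument. check_cookie_auth's signature is not shown here, but if it expects the cookie string this fallback can never succeed; `($status) = C4::Auth::check_cookie_auth($cgi->cookie('CGISESSID'), undef) if ($status ne 'ok' && !$nocookie);` looks like the intended call. The second argument is `undef`, which judging by the other call sites means no permission flag is required, so a comment stating that this is deliberate would help.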
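Review bot: In opac/opac-patron-image.pl the hunk reads `C4::Context->userenv->{'number'}` directly after the call, with no visible test of `$auth_status` in between. If no check follows outside the hunk, an unauthenticated request reaches the `userenv` dereference and the image lookup; that line should be preceded by an `if ( $auth_status ne "ok" )` branch that ends the request. `$cookies{'CGISESSID'}->value` two lines earlier also dies when the cookie is absent.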
@@ -110,7 +110,7 @@ sub ajax_auth_cgi {
 my %cookies = CGI::Cookie->fetch;
 my $input = CGI->new;
 my $sessid = $cookies{'CGISESSID'}->value || $input->param('CGISESSID');
- my ( $auth_status, $auth_sessid ) =
+ my ( $auth_status ) =
 check_cookie_auth( $sessid, $needed_flags );
 return $input, $auth_status;
 }
diff --git a/opac/opac-tags.pl b/opac/opac-tags.pl
index 01479967ba..54567bdc7d 100755
--- a/opac/opac-tags.pl
+++ b/opac/opac-tags.pl
@@ -69,7 +69,7 @@ sub ajax_auth_cgi { # returns CGI object
 my %cookies = CGI::Cookie->fetch;
 my $input = CGI->new;
 my $sessid = $cookies{'CGISESSID'}->value;
- my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
+ my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
 if ($auth_status ne "ok") {
 output_with_http_headers $input, undef, "window.alert('Your CGI session cookie ($sessid) is not current. " .
diff --git a/opac/svc/checkout_notes b/opac/svc/checkout_notes
index dd4fb83b4e..4e95e260a6 100755
--- a/opac/svc/checkout_notes
+++ b/opac/svc/checkout_notes
@@ -43,7 +43,7 @@ svc/checkout_notes - Web service for setting patron notes on items
 # AJAX requests
 my $is_ajax = is_ajax();
 my $query = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), {} );
+my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), {} );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/opac/svc/club/cancel_enrollment b/opac/svc/club/cancel_enrollment
index c9af28349d..0b9fb5aa44 100755
--- a/opac/svc/club/cancel_enrollment
+++ b/opac/svc/club/cancel_enrollment
@@ -28,7 +28,7 @@ use Koha::Club::Enrollments;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $cgi->cookie('CGISESSID') );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/opac/svc/club/enroll b/opac/svc/club/enroll
index 105cbb6064..366dcd97b5 100755
--- a/opac/svc/club/enroll
+++ b/opac/svc/club/enroll
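Review bot: In opac/opac-ratings-ajax.pl `ajax_auth_cgi` still accepts the session id from a request parameter through `|| $input->param('CGISESSID')`. Session ids carried in parameters tend to end up in server logs and referrers, and the fallback is only reached when the cookie exists with an empty value, because `->value` on a missing cookie dies first. Unless a client still depends on it, reading the id from the cookie only, `my $sessid = $input->cookie('CGISESSID');`, would be simpler and safer. The start of the sub lies outside the hunk.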
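Review bot: In opac/opac-tags.pl the failure branch interpolates the raw cookie value into a script response, `window.alert('Your CGI session cookie ($sessid) is not current. `, without any escaping. The value is client-supplied, so it should not be placed inside a JavaScript string literal as-is; dropping `($sessid)` from the message removes the problem and also stops echoing a session identifier back in the response. tags/review.pl carries the identical line. The statement continues past the end of the hunk.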
@@ -30,7 +30,7 @@ use Koha::Clubs;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $cgi->cookie('CGISESSID') );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/plugins/plugins-enable.pl b/plugins/plugins-enable.pl
index 6966be9d23..146fae96ad 100755
--- a/plugins/plugins-enable.pl
+++ b/plugins/plugins-enable.pl
@@ -27,7 +27,7 @@ die("Koha plugins are disabled!") unless C4::Context->config("enable_plugins");
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { plugins => 'manage' } );
 my $class = $input->param('class');
diff --git a/serials/create-numberpattern.pl b/serials/create-numberpattern.pl
index de6f04d997..a28ef0d415 100755
--- a/serials/create-numberpattern.pl
+++ b/serials/create-numberpattern.pl
@@ -28,7 +28,7 @@ use C4::Auth qw( check_cookie_auth );
 my $input = CGI->new;
-my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
+my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
 if ($auth_status ne "ok") {
 print $input->header(-type => 'text/plain', -status => '403 Forbidden');
 exit 0;
diff --git a/serials/subscription-frequency.pl b/serials/subscription-frequency.pl
index 4d46a83d79..4d5208e898 100755
--- a/serials/subscription-frequency.pl
+++ b/serials/subscription-frequency.pl
@@ -26,7 +26,7 @@ use JSON qw( to_json );
 my $input=CGI->new;
 my $frqid=$input->param("frequency_id");
-my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
+my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
 if ($auth_status ne "ok") {
 exit 0;
 }
diff --git a/serials/subscription-numberpattern.pl b/serials/subscription-numberpattern.pl
index cc6b2926f7..645f6af04d 100755
--- a/serials/subscription-numberpattern.pl
+++ b/serials/subscription-numberpattern.pl
@@ -25,7 +25,7 @@ use JSON qw( to_json );
 my $input=CGI->new;
-my ($auth_status, $sessionID) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
+my ($auth_status) = check_cookie_auth($input->cookie('CGISESSID'), { serials => '*' });
 if ($auth_status ne "ok") {
 print $input->header(-type => 'text/plain', -status => '403 Forbidden');
 exit 0;
diff --git a/svc/article_request b/svc/article_request
index e8c8e7f819..28db40d42d 100755
--- a/svc/article_request
+++ b/svc/article_request
@@ -28,7 +28,7 @@ use Koha::ArticleRequests;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $cgi->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/svc/authorised_values b/svc/authorised_values
index ae082d32e7..8b6821aa0f 100755
--- a/svc/authorised_values
+++ b/svc/authorised_values
@@ -22,7 +22,6 @@ use Modern::Perl;
 use JSON qw( to_json );
 use CGI;
 use C4::Service;
-use C4::Auth qw( check_cookie_auth );
 use Koha::AuthorisedValues;
 =head1 NAME
diff --git a/svc/barcode b/svc/barcode
index 1f71d43ff3..27d5952cd6 100755
--- a/svc/barcode
+++ b/svc/barcode
@@ -91,7 +91,7 @@ below the scannable barcode.
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '*' } );
+my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { catalogue => '*' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/svc/cataloguing/automatic_linker.pl b/svc/cataloguing/automatic_linker.pl
index a1d6b13b8b..17159d9686 100755
--- a/svc/cataloguing/automatic_linker.pl
+++ b/svc/cataloguing/automatic_linker.pl
@@ -28,7 +28,7 @@ my $input = CGI->new;
 print $input->header('application/json');
 # Check the user's permissions
-my ( $auth_status, $auth_sessid ) =
+my ( $auth_status ) =
 C4::Auth::check_cookie_auth( $input->cookie('CGISESSID'), { editauthorities => 1, editcatalogue => 1 } );
 if ( $auth_status ne "ok" ) {
 print to_json( { status => 'UNAUTHORIZED' } );
diff --git a/svc/checkin b/svc/checkin
index 3a59f6bdb0..1c7c4637e8 100755
--- a/svc/checkin
+++ b/svc/checkin
@@ -31,7 +31,7 @@ use Koha::Items;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
diff --git a/svc/checkout_notes b/svc/checkout_notes
index 5d13527bfc..c9443dba10 100755
--- a/svc/checkout_notes
+++ b/svc/checkout_notes
@@ -37,7 +37,7 @@ svc/checkout_notes - Web service for managing patron notes set on issues
 # AJAX requests
 my $is_ajax = is_ajax();
 my $query = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { circulate => 'manage_checkout_notes' } );
+my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), { circulate => 'manage_checkout_notes' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/svc/checkouts b/svc/checkouts
index b8b5bdf109..30bbee53b1 100755
--- a/svc/checkouts
+++ b/svc/checkouts
@@ -22,7 +22,7 @@ use Modern::Perl;
 use CGI;
 use JSON qw(to_json);
-use C4::Auth qw(check_cookie_auth haspermission get_session);
+use C4::Auth qw(check_cookie_auth haspermission);
 use C4::Circulation qw(GetIssuingCharges CanBookBeRenewed GetRenewCount GetSoonestRenewDate);
 use C4::Overdues qw(GetFine);
 use C4::Context;
@@ -33,10 +33,9 @@ use Koha::ItemTypes;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status, $session ) =
 check_cookie_auth( $input->cookie('CGISESSID'));
-my $session = get_session($sessionID);
 my $userid = $session->param('id');
 unless (haspermission($userid, { circulate => 'circulate_remaining_permissions' })
diff --git a/svc/club/cancel_enrollment b/svc/club/cancel_enrollment
index d67d547c96..3d4c2e8d9f 100755
--- a/svc/club/cancel_enrollment
+++ b/svc/club/cancel_enrollment
@@ -29,7 +29,7 @@ use Koha::Club::Enrollments;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'enroll' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/svc/club/delete b/svc/club/delete
index 636b0ed724..6d7bcf5c08 100755
--- a/svc/club/delete
+++ b/svc/club/delete
@@ -28,7 +28,7 @@ use Koha::Clubs;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_clubs' } );
+my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_clubs' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/svc/club/enroll b/svc/club/enroll
index 014ca4c6d4..7bfe364f96 100755
--- a/svc/club/enroll
+++ b/svc/club/enroll
@@ -30,7 +30,7 @@ use Koha::Clubs;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'enroll' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/svc/club/template/delete b/svc/club/template/delete
index b3700b6f2b..8166ca2905 100755
--- a/svc/club/template/delete
+++ b/svc/club/template/delete
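Review bot: In svc/checkouts `$session->param('id')` is now called on the second return value without `$auth_status` being tested first. Before this patch `get_session` supplied the object; if check_cookie_auth returns no session for a failed or expired cookie (its failure return is not visible here), the script dies on a method call on an undefined value instead of denying the request cleanly. Adding `if ( $auth_status ne "ok" ) { exit 0; }` ahead of that line keeps the failure path explicit, and svc/return_claims has the same sequence. The `unless (haspermission(` statement continues outside the hunk.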
@@ -29,7 +29,7 @@ use Koha::Club::Templates;
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_templates' } );
+my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { clubs => 'edit_templates' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/svc/cover_images b/svc/cover_images
index 82e68f2ee5..7531e8c2b4 100755
--- a/svc/cover_images
+++ b/svc/cover_images
@@ -27,7 +27,7 @@ use JSON qw/to_json/;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { tools => 'upload_local_cover_images' } );
diff --git a/svc/creator_batches b/svc/creator_batches
index 51e13dcdce..1e2e4b3eb7 100755
--- a/svc/creator_batches
+++ b/svc/creator_batches
@@ -39,7 +39,7 @@ svc/creator_batches - Web service for managing AJAX functionality for patroncard
 # AJAX requests
 my $is_ajax = is_ajax();
 my $cgi = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
+my ( $auth_status ) = check_cookie_auth( $cgi->cookie('CGISESSID'), { catalogue => 1 } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/svc/hold/resume b/svc/hold/resume
index e14c6b1b39..4c01c0ee7c 100755
--- a/svc/hold/resume
+++ b/svc/hold/resume
@@ -30,7 +30,7 @@ use Koha::Holds;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
 if ( $auth_status ne "ok" ) {
diff --git a/svc/hold/suspend b/svc/hold/suspend
index 41b4130a39..01ec1d26f8 100755
--- a/svc/hold/suspend
+++ b/svc/hold/suspend
@@ -30,7 +30,7 @@ use Koha::Holds;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
 if ( $auth_status ne "ok" ) {
diff --git a/svc/holds b/svc/holds
index 90a2ad74b3..77c260ff27 100755
--- a/svc/holds
+++ b/svc/holds
@@ -34,7 +34,7 @@ use Koha::Libraries;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
diff --git a/svc/mana/increment b/svc/mana/increment
index 2b0197bdc0..09739add4e 100755
--- a/svc/mana/increment
+++ b/svc/mana/increment
@@ -31,7 +31,7 @@ my $input = CGI->new;
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
diff --git a/svc/mana/search b/svc/mana/search
index 5b7b43f7a7..cb52061409 100755
--- a/svc/mana/search
+++ b/svc/mana/search
@@ -22,7 +22,7 @@ use Modern::Perl;
 use Koha::SharedContent;
 use Koha::Subscription;
-use C4::Auth qw(check_cookie_auth), qw(get_template_and_user);
+use C4::Auth qw(get_template_and_user);
 use C4::Output qw( output_html_with_http_headers );
 use CGI;
diff --git a/svc/mana/share b/svc/mana/share
index 367b5e7ffa..161c9e3640 100755
--- a/svc/mana/share
+++ b/svc/mana/share
@@ -30,7 +30,7 @@ my $input = CGI->new;
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
diff --git a/svc/mana/use b/svc/mana/use
index 6b6d6bc235..08fc72b8cb 100755
--- a/svc/mana/use
+++ b/svc/mana/use
@@ -32,7 +32,7 @@ my $input = CGI->new;
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
diff --git a/svc/members/add_to_list b/svc/members/add_to_list
index 6c9473efd8..fd23e9c842 100755
--- a/svc/members/add_to_list
+++ b/svc/members/add_to_list
@@ -26,7 +26,7 @@ use Koha::List::Patron qw( AddPatronList GetPatronLists AddPatronsToList );
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth(
+my ( $auth_status ) = check_cookie_auth(
 $input->cookie('CGISESSID'), { tools => 'manage_patron_lists' }, );
diff --git a/svc/problem_reports b/svc/problem_reports
index eafa206c55..012596bae4 100755
--- a/svc/problem_reports
+++ b/svc/problem_reports
@@ -37,7 +37,7 @@ svc/problem_reports - Web service for managing OPAC problem reports
 # AJAX requests
 my $is_ajax = is_ajax();
 my $query = CGI->new;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $query->cookie('CGISESSID'), { problem_reports => 1 } );
+my ( $auth_status ) = check_cookie_auth( $query->cookie('CGISESSID'), { problem_reports => 1 } );
 if ( $auth_status ne "ok" ) {
 exit 0;
 }
diff --git a/svc/renew b/svc/renew
index a3edd4db43..91f7958031 100755
--- a/svc/renew
+++ b/svc/renew
@@ -31,7 +31,7 @@ use Koha::DateUtils qw(output_pref dt_from_string);
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { circulate => 'circulate_remaining_permissions' } );
diff --git a/svc/return_claims b/svc/return_claims
index a19f861660..5ac7d49e79 100755
--- a/svc/return_claims
+++ b/svc/return_claims
@@ -22,7 +22,7 @@ use Modern::Perl;
 use CGI;
 use JSON qw(to_json);
-use C4::Auth qw(check_cookie_auth haspermission get_session);
+use C4::Auth qw(check_cookie_auth haspermission);
 use C4::Context;
 use Koha::AuthorisedValues;
@@ -31,10 +31,9 @@ use Koha::Patrons;
 my $input = CGI->new;
-my ( $auth_status, $sessionID ) =
+my ( $auth_status, $session ) =
 check_cookie_auth( $input->cookie('CGISESSID') );
-my $session = get_session($sessionID);
 my $userid = $session->param('id');
 unless (
diff --git a/tags/review.pl b/tags/review.pl
index 0cc157aacc..1810081a25 100755
--- a/tags/review.pl
+++ b/tags/review.pl
@@ -44,7 +44,7 @@ sub ajax_auth_cgi { # returns CGI object
 my %cookies = CGI::Cookie->fetch;
 my $input = CGI->new;
 my $sessid = $cookies{'CGISESSID'}->value;
- my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
+ my ($auth_status) = check_cookie_auth($sessid, $needed_flags);
 if ($auth_status ne "ok") {
 output_with_http_headers $input, undef, "window.alert('Your CGI session cookie ($sessid) is not current. " .
diff --git a/tools/background-job-progress.pl b/tools/background-job-progress.pl
index e9e914d0d7..ae6df95e86 100755
--- a/tools/background-job-progress.pl
+++ b/tools/background-job-progress.pl
@@ -30,7 +30,7 @@ use CGI::Cookie; # need to check cookies before
 my $input = CGI->new;
 my %cookies = CGI::Cookie->fetch;
-my ($auth_status, $sessionID) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
+my ($auth_status, $session) = check_cookie_auth($cookies{'CGISESSID'}->value, { tools => '*' });
 if ($auth_status ne "ok") {
 my $reply = CGI->new("");
 print $reply->header(-type => 'text/html');
@@ -38,6 +38,7 @@ if ($auth_status ne "ok") {
 exit 0;
 }
+my $sessionID = $session->id;
 my $jobID = $input->param('jobID');
 my $job = C4::BackgroundJob->fetch($sessionID, $jobID);
 my $reported_progress = 0;
diff --git a/tools/batch_records_ajax.pl b/tools/batch_records_ajax.pl
index 1085348da9..06e3bf69de 100755
--- a/tools/batch_records_ajax.pl
+++ b/tools/batch_records_ajax.pl
@@ -54,7 +54,7 @@ $results_per_page = undef if $results_per_page && $results_per_page == -1;
 binmode STDOUT, ":encoding(UTF-8)";
 print $input->header( -type => 'text/plain', -charset => 'UTF-8' );
-my ( $auth_status, $sessionID ) =
+my ( $auth_status ) =
 check_cookie_auth( $input->cookie('CGISESSID'), { tools => 'manage_staged_marc' } );
 if ( $auth_status ne "ok" ) {
 exit 0;
diff --git a/tools/upload-file.pl b/tools/upload-file.pl
index 7ec0fc7045..125e7cb611 100755
--- a/tools/upload-file.pl
+++ b/tools/upload-file.pl
@@ -39,7 +39,7 @@ use Koha::Uploader;
 my %cookies = CGI::Cookie->fetch;
 my $sid = $cookies{'CGISESSID'}->value;
-my ( $auth_status, $sessionID ) = check_cookie_auth( $sid );
+my ( $auth_status ) = check_cookie_auth( $sid );
 my $uid = C4::Auth::get_session($sid)->param('id');
 my $allowed = Koha::Uploader->allows_add_by( $uid );
--
2.39.5
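Review bot: In tools/upload-file.pl the user id is still read with `C4::Auth::get_session($sid)->param('id')`, a second lookup keyed on the raw cookie value rather than on the session that check_cookie_auth has just validated. Since the call now returns the session, `my ( $auth_status, $session ) = check_cookie_auth( $sid );` followed by `my $uid = $session ? $session->param('id') : undef;` would drop the extra lookup and tie `$uid` to the checked session. No test of `$auth_status` is visible before `allows_add_by`; it may follow outside the hunk.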