From 5f846a33abe89599fa7b9a37cb3c00632d30ec90 Mon Sep 17 00:00:00 2001
From: Nick Clemens
Date: Wed, 23 May 2018 10:37:35 +0000
Subject: [PATCH] Bug 20701: (17.11 follow-up) Move csrf token after checkauth and use scalar
Signed-off-by: Nick Clemens
---
 members/mancredit.pl | 2 +-
 members/maninvoice.pl | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/members/mancredit.pl b/members/mancredit.pl
index 3617f2af90..e1a383aac3 100755
--- a/members/mancredit.pl
+++ b/members/mancredit.pl
@@ -55,7 +55,7 @@ if ($add){
 die "Wrong CSRF token"
 unless Koha::Token->new->check_csrf( {
- session_id => $input->cookie('CGISESSID'),
+ session_id => scalar $input->cookie('CGISESSID'),
 token => scalar $input->param('csrf_token'),
 });
diff --git a/members/maninvoice.pl b/members/maninvoice.pl
index a6429aa40d..dfe3d1c65c 100755
--- a/members/maninvoice.pl
+++ b/members/maninvoice.pl
@@ -51,12 +51,12 @@ unless ( $patron ) {
 my $add=$input->param('add');
 if ($add){
- die "Wrong CSRF token"
- unless Koha::Token->new->check_csrf( {
- session_id => $input->cookie('CGISESSID'),
- token => scalar $input->param('csrf_token'),
- });
 if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf( {
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
 # print $input->header;
 my $barcode=$input->param('barcode');
 my $itemnum;
-- 
2.39.5
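Review bot: In members/mancredit.pl the `die "Wrong CSRF token" unless Koha::Token->new->check_csrf(...)` check still sits directly under `if ($add){`, while the subject line and the maninvoice.pl hunk place it inside the `checkauth` branch. If mancredit.pl calls `checkauth` further down in the same block (not visible in this hunk), a request without a valid session would die on the token check before authentication is evaluated, so the two scripts would treat an expired session differently. Consider moving the check inside `if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {` there as well, or say in the commit message why mancredit.pl is left as it is.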
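Review bot: The relocated check in members/maninvoice.pl has no comment explaining why it must follow `checkauth` or why both values are wrapped in `scalar`, and either could be undone by a later cleanup. Assuming `$input` is a CGI object, `cookie()` and `param()` are context-sensitive, so inside the `{ ... }` hash constructor a missing or repeated value would shift the key/value pairs handed to `check_csrf`. Suggest adding above the `die`: `# CSRF check runs after checkauth; scalar() keeps a missing or multi-valued cookie/param from shifting the hash keys`. The enclosing `if ($add){` block continues past the end of the hunk.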