From bb69578db04f4d7fe545e450bef823a21911e3ea Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Fri, 4 Aug 2023 11:06:16 +0200
Subject: [PATCH] Bug 34478: Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt | 6 ++++--
 opac/opac-renew.pl                                    | 3 +++
 opac/opac-user.pl                                     | 4 +++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
index dca48f11d1..d9920dc14a 100644
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-user.tt
@@ -216,6 +216,7 @@
 
                     [% IF Koha.Preference('AllowPatronToControlAutorenewal') %]
                     <form id="autorenewal_option" action="/cgi-bin/koha/opac-user.pl" method="post">
+                        [% INCLUDE 'csrf-token.inc' %]
                         <legend class="sr-only">Auto-renewal</legend>
                             <label for="yes-autorenew_checkouts">
                                 Allow auto-renewal:
@@ -240,8 +241,7 @@
                                         <input type="radio" id="no-autorenew_checkouts" name="borrower_autorenew_checkouts" value="0" checked="checked" />
                                     </label>
                                 [% END %]
-                        [% INCLUDE 'csrf-token.inc' %]
-                        <input type="hidden" name="update_arc" value="1" />
+                        <input type="hidden" name="op" value="cud-update_arc" />
                         <input type="submit" value="Update auto-renewal preference" />
                     </form>
                     [% END %]
@@ -544,6 +544,7 @@
                                         </table>
                                         [% IF ( canrenew && !userdebarred && OpacRenewalAllowed && !( logged_in_user.is_expired && logged_in_user.category.effective_BlockExpiredPatronOpacActions ) ) %]
                                             <input type="submit" class="btn btn-primary" value="Renew selected" />
+                                            <input type="hidden" name="op" value="cud-renew" />
                                             <button type="button" id="renewall_js" class="btn btn-primary">Renew all</button>
                                         [% END %]
                                     </form>
@@ -553,6 +554,7 @@
                                             [% INCLUDE 'csrf-token.inc' %]
                                             <legend class="sr-only">Renew</legend>
                                             <input type="hidden" name="from" value="opac_user" />
+                                            <input type="hidden" name="op" value="renew" />
                                             <input type="hidden" name="borrowernumber" value="[% borrowernumber | html %]" />
                                             [% FOREACH ISSUE IN ISSUES %]
                                                 [% IF ISSUE.status %]
diff --git a/opac/opac-renew.pl b/opac/opac-renew.pl
index db70a16716..dff4d5b21f 100755
--- a/opac/opac-renew.pl
+++ b/opac/opac-renew.pl
@@ -31,6 +31,9 @@ use C4::Members;
 use Koha::Items;
 use Koha::Patrons;
 my $query = CGI->new;
+my $op = $query->param('op') || q{};
+
+die "op must be set" unless $op eq 'renew';
 
 my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 	{
diff --git a/opac/opac-user.pl b/opac/opac-user.pl
index f053ed65e6..3d44e9828f 100755
--- a/opac/opac-user.pl
+++ b/opac/opac-user.pl
@@ -57,6 +57,8 @@ use Date::Calc qw( Date_to_Days Today );
 
 my $query = CGI->new;
 
+my $op = $query->param('op') || q{};
+
 # CAS single logout handling
 # Will print header and exit
 if ( C4::Context->preference('casAuthentication') ) {
@@ -87,7 +89,7 @@ $template->param( shibbolethAuthentication => C4::Context->config('useshibboleth
 # get borrower information ....
 my $patron = Koha::Patrons->find( $borrowernumber );
 
-if( $query->param('update_arc') && C4::Context->preference("AllowPatronToControlAutorenewal") ){
+if( $op eq 'cud-update_arc' && C4::Context->preference("AllowPatronToControlAutorenewal") ){
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
             session_id => scalar $query->cookie('CGISESSID'),
-- 
2.39.5