From e19c978f021ec8661fa86dd142d9f67dd5306675 Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Tue, 27 Feb 2024 09:44:42 +0100
Subject: [PATCH] Bug 36084: svc - mana

Signed-off-by: Jonathan Druart
---
 .../prog/en/modules/reports/guided_reports_start.tt | 2 +-
 koha-tmpl/intranet-tmpl/prog/js/mana.js | 4 ++--
 koha-tmpl/intranet-tmpl/prog/js/subscription-add.js | 4 ++--
 svc/mana/increment | 2 +-
 svc/mana/share | 2 +-
 svc/mana/use | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
index c2a40a2270..1682c2a103 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt
@@ -2313,7 +2313,7 @@
 $.ajax( {
 type:"POST",
 url: "/cgi-bin/koha/svc/mana/use",
- data: {id:mana_id, resource: 'report', saveinbase: 1},
+ data: {id:mana_id, resource: 'report', saveinbase: 1, csrf_token: $('meta[name="csrf-token"]').attr('content')},
 dataType: "json",
 })
 .done( function (result){
diff --git a/koha-tmpl/intranet-tmpl/prog/js/mana.js b/koha-tmpl/intranet-tmpl/prog/js/mana.js
index b8542b8077..8f5917b926 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/mana.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/mana.js
@@ -6,7 +6,7 @@ function mana_increment(mana_id, resource, fieldvalue, stepvalue ) {
 $.ajax({
 type: "POST",
 url: "/cgi-bin/koha/svc/mana/increment",
- data: {id: mana_id, resource: resource, field: fieldvalue, step: stepvalue},
+ data: {id: mana_id, resource: resource, field: fieldvalue, step: stepvalue, csrf_token: $('meta[name="csrf-token"]').attr('content')},
 datatype: "json",
 })
 .done(function() {
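Review bot: The token lookup `$('meta[name="csrf-token"]').attr('content')` added to the `data` object is used without checking that the meta tag exists, so on a page that lacks it the POST would still go out, most likely with an empty `csrf_token`, and the problem would only surface as a rejected request. The same expression is repeated in both mana.js hunks and in `mana_use` in subscription-add.js; reading it in one small helper, or attaching it in a single `$.ajaxPrefilter` for non-GET requests, would keep the call sites from drifting apart. No `.fail()` handler is visible inside this hunk, so it is worth confirming that a token rejection is reported to the user rather than silently dropped; the `$.ajax` chain continues outside the hunk.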
@@ -28,7 +28,7 @@ function mana_comment( target_id, manamsg, resource_type ) {
 $.ajax( {
 type: "POST",
 url: "/cgi-bin/koha/svc/mana/share",
- data: { message: manamsg, resource: resource_type, resource_id: target_id },
+ data: { message: manamsg, resource: resource_type, resource_id: target_id, csrf_token: $('meta[name="csrf-token"]').attr('content') },
 dataType: "json",
 })
 .done(function( data ) {
diff --git a/koha-tmpl/intranet-tmpl/prog/js/subscription-add.js b/koha-tmpl/intranet-tmpl/prog/js/subscription-add.js
index 9818ff9657..927c5d71a3 100644
--- a/koha-tmpl/intranet-tmpl/prog/js/subscription-add.js
+++ b/koha-tmpl/intranet-tmpl/prog/js/subscription-add.js
@@ -422,7 +422,7 @@ function mana_search() { $("#mana_search").show(); $.ajax({
- type: "POST",
+ type: "GET",
 url: "/cgi-bin/koha/svc/mana/search",
 data: {id: $("#biblionumber").val(), resource: 'subscription', usecomments: 1},
 dataType: "html",
@@ -461,7 +461,7 @@ function mana_use(mana_id){
 $.ajax( {
 type: "POST",
 url: "/cgi-bin/koha/svc/mana/use",
- data: {id: mana_id, resource: 'subscription'},
+ data: {id: mana_id, resource: 'subscription', csrf_token: $('meta[name="csrf-token"]').attr('content')},
 dataType: "json",
 })
 .done(function(result){
diff --git a/svc/mana/increment b/svc/mana/increment
index 09739add4e..684148379e 100755
--- a/svc/mana/increment
+++ b/svc/mana/increment
@@ -35,7 +35,7 @@ my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
-if ( $auth_status ne "ok" ) {
+if ( $auth_status ne "ok" || $input->request_method ne "POST" ) {
 exit 0;
 }
 my $result = Koha::SharedContent::increment_entity_value(
diff --git a/svc/mana/share b/svc/mana/share
index 161c9e3640..f9978a9a19 100755
--- a/svc/mana/share
+++ b/svc/mana/share
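Review bot: Switching `mana_search` to `type: "GET"` is only safe if `/cgi-bin/koha/svc/mana/search` never changes state, and that script is not part of this patch, so the assumption cannot be checked from here. If the move to GET is what exempts this call from the `csrf_token` the other calls now send, a one-line comment above the `$.ajax` call, e.g. `// read-only search: sent as GET, so no csrf_token`, would record why it differs from `mana_use` below. The `id`, `resource` and `usecomments` values now travel in the query string and will appear in access logs and browser history, which looks harmless for these fields but should be a deliberate choice.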
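Review bot: The combined condition `$auth_status ne "ok" || $input->request_method ne "POST"` in svc/mana/increment sends both failures to the same bare `exit 0;`, so a failed authorisation and a wrong HTTP method are indistinguishable and, as far as the hunk shows, the caller gets neither a status line nor a body. Splitting the two checks and answering 403 and 405 respectively would make rejected requests visible in the logs and to the front end; the identical hunks in svc/mana/share and svc/mana/use have the same shape. The method check on its own does not validate the `csrf_token` field the JavaScript hunks now send, so if that verification happens elsewhere (not visible here) a comment at this guard saying where would help the next reader. The sketch below assumes `$input` is the CGI object that the `cookie` and `request_method` calls suggest, and the script continues outside the hunk.

```perl
# … unchanged: check_cookie_auth call that sets $auth_status …
if ( $auth_status ne "ok" ) {
    print $input->header( -status => '403 Forbidden' );
    exit 0;
}
if ( $input->request_method ne "POST" ) {
    print $input->header( -status => '405 Method Not Allowed', -allow => 'POST' );
    exit 0;
}
```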
@@ -34,7 +34,7 @@ my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
-if ( $auth_status ne "ok" ) {
+if ( $auth_status ne "ok" || $input->request_method ne "POST" ) {
 exit 0;
 }
diff --git a/svc/mana/use b/svc/mana/use
index 08fc72b8cb..0f7eb91d58 100755
--- a/svc/mana/use
+++ b/svc/mana/use
@@ -36,7 +36,7 @@ my ( $auth_status ) = check_cookie_auth( $input->cookie('CGISESSID'), { serials => 'create_subscription' } );
-if ( $auth_status ne "ok" ) {
+if ( $auth_status ne "ok" || $input->request_method ne "POST" ) {
 exit 0;
 }
--
2.20.1