From e4c7f15c3fd6f6741f9960bb9d6da2f987f879f4 Mon Sep 17 00:00:00 2001
From: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Date: Tue, 30 Jan 2024 12:13:36 +0100
Subject: [PATCH] Bug 34478: Log if CSRF is wrong (debug)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
---
 C4/Auth.pm | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 4cf7f7659b..9c541d8af8 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -644,13 +644,18 @@ sub get_template_and_user {
 
     my $op = $in->{query}->param('op');
     if ( defined $op && $op =~ m{^cud-} ) {
-        C4::Output::output_and_exit( $in->{query}, $cookie, $template, 'wrong_csrf_token' )
-            unless Koha::Token->new->check_csrf(
-            {
-                session_id => scalar $in->{query}->cookie('CGISESSID'),
-                token      => scalar $in->{query}->param('csrf_token'),
-            }
-            );
+        unless (
+            Koha::Token->new->check_csrf(
+                {
+                    session_id => scalar $in->{query}->cookie('CGISESSID'),
+                    token      => scalar $in->{query}->param('csrf_token'),
+                }
+            )
+            )
+        {
+            Koha::Logger->get->debug("The form submission failed (Wrong CSRF token).");
+            C4::Output::output_and_exit( $in->{query}, $cookie, $template, 'wrong_csrf_token' );
+        }
     }
 
     return ( $template, $borrowernumber, $cookie, $flags );
-- 
2.39.5