use Koha::Authority::Types;
use Koha::SearchEngine::Search;
use Koha::SearchEngine::QueryBuilder;
+use Koha::Token;
my $query = new CGI;
my $dbh = C4::Context->dbh;
debug => 1,
}
);
- &DelAuthority( $authid, 1 );
+
+ die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
+
+ DelAuthority({ authid => $authid });
if ( $query->param('operator') ) {
# query contains search params so perform search
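Review bot: The `die "Wrong CSRF token"` guard added before `DelAuthority` checks the token but not the request method, and on a GET request `$query->param('csrf_token')` reads the token from the query string. If the delete can be triggered by a link rather than a POST form (the template and the enclosing `if` are outside this hunk), the token would appear in URLs, access logs and Referer headers. Consider requiring POST for this branch ahead of the token check, for example `die "Wrong method" unless $query->request_method eq 'POST';`. A bare `die` also gives the user a generic server error when the session has merely expired, so a handled error page plus a log entry would make failed checks easier for operators to notice. A one-line comment such as `# Must run before any state change; do not move below DelAuthority` would document the ordering.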
}
);
+ $template->param(
+ csrf_token => Koha::Token->new->generate_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ }),
+ );
+
# search history
if (C4::Context->preference('EnableSearchHistory')) {
if ( $startfrom == 1) {
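Review bot: The token passed to `$template->param` is bound to `scalar $query->cookie('CGISESSID')`, and the `check_csrf` call added earlier in this commit repeats the same expression. If the request carries no session cookie, the token is generated for an undefined session id, and how `generate_csrf` treats that is not visible here. Reading the id once, `my $session_id = scalar $query->cookie('CGISESSID');`, and passing it to both calls would keep generation and verification from drifting apart and give one place to reject an empty value. A short comment such as `# CSRF token for the delete form; verified with check_csrf before DelAuthority` would tell maintainers which template field depends on it. The surrounding code continues past the end of the hunk.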