Bug 19537: Correct addition of source subfield from authorities

[koha.git] / authorities / authorities-home.pl

diff --git a/authorities/authorities-home.pl b/authorities/authorities-home.pl
index 6e0a8fe..d9c5ac8 100755 (executable)
--- a/authorities/authorities-home.pl
+++ b/authorities/authorities-home.pl
@@ -36,6 +36,7 @@ use C4::Search::History;
 use Koha::Authority::Types;
 use Koha::SearchEngine::Search;
 use Koha::SearchEngine::QueryBuilder;
+use Koha::Token;
 
 my $query = new CGI;
 my $dbh   = C4::Context->dbh;
@@ -58,7 +59,13 @@ if ( $op eq "delete" ) {
             debug           => 1,
         }
     );
-    &DelAuthority( $authid, 1 );
+
+    die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+        session_id => scalar $query->cookie('CGISESSID'),
+        token  => scalar $query->param('csrf_token'),
+    });
+
+    DelAuthority({ authid => $authid });
 
     if ( $query->param('operator') ) {
         # query contains search params so perform search
@@ -111,6 +118,12 @@ if ( $op eq "do_search" ) {
         }
     );
 
+    $template->param(
+        csrf_token => Koha::Token->new->generate_csrf({
+            session_id => scalar $query->cookie('CGISESSID'),
+        }),
+    );
+
     # search history
     if (C4::Context->preference('EnableSearchHistory')) {
         if ( $startfrom == 1) {