use CGI qw ( -utf8 );
use Encode qw(encode);
use Carp;
-use Digest::MD5 qw(md5_base64);
use Mail::Sendmail;
use MIME::QuotedPrint;
use MIME::Base64;
my $dbh = C4::Context->dbh;
-my $csrf_err;
if ( $email_add ) {
- $csrf_err = 1 unless Koha::Token->new->check_csrf({
- id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
- token => scalar $query->param('csrf_token'),
- });
-}
-
-if( $csrf_err ) {
- $template->param( csrf_error => 1, email_add => 1 );
- output_html_with_http_headers $query, $cookie, $template->output;
-} elsif ( $email_add ) {
+ output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
my $email = Koha::Email->new();
my %mail = $email->create_message_headers({ to => $email_add });
my $comment = $query->param('comment');
# Since we are already logged in, no need to check credentials again
- # We only need to add OPACBaseURL
+ # when loading a second template.
my $template2 = C4::Templates::gettemplate(
'basket/sendbasket.tt', 'intranet', $query,
);
- $template2->param( OPACBaseURL => C4::Context->preference('OPACBaseURL') );
my @bibs = split( /\//, $bib_list );
my @results;
my $dat = GetBiblioData($biblionumber);
next unless $dat;
- my $record = GetMarcBiblio($biblionumber, 1);
+ my $record = GetMarcBiblio({
+ biblionumber => $biblionumber,
+ embed_items => 1 });
my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
if ( $template_res =~ /<SUBJECT>(.*)<END_SUBJECT>/s ) {
$mail{subject} = $1;
$mail{subject} =~ s|\n?(.*)\n?|$1|;
- $mail{subject} = Encode::encode("UTF-8", $mail{subject});
+ $mail{subject} = encode('MIME-Header',$mail{subject});
}
else { $mail{'subject'} = "no subject"; }
$template->param( SENT => "1" );
}
else {
- # do something if it doesnt work....
+ # do something if it doesn't work....
carp "Error sending mail: $Mail::Sendmail::error \n";
$template->param( error => 1 );
}
url => "/cgi-bin/koha/basket/sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
- csrf_token => Koha::Token->new->generate_csrf(
- { id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID'), }),
);
output_html_with_http_headers $query, $cookie, $template->output;
}