Bug 17109: Add CSRF token to [opac-]sendbasket

[koha.git] / koha-tmpl / intranet-tmpl / prog / en / modules / basket / sendbasketform.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
index ef116fc..07d004d 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
@@ -10,6 +10,10 @@
         <p>The cart was sent to: [% email_add |html %]</p>
                <p><a class="focus close" href="#">Close window</a></p>
        [% END %]
+    [% IF csrf_error %]
+        <p>No valid CSRF token!</p>
+        <p><a class="focus close" href="#">Close window</a></p>
+    [% END %]
        [% IF ( error ) %]
        <p>Problem sending the cart...</p>
        [% END %]
@@ -28,10 +32,11 @@
             <label for="comment">Comment:</label>
             <textarea id="comment" name="comment" rows="4" cols="40"></textarea>
     </li>
-    <li>
-        <input type="hidden" name="bib_list" value="[% bib_list %]" />
-    </li></ol></fieldset>
-       <fieldset class="action"> <input type="submit" value="Send" /> <a class="cancel close" href="#">Cancel</a> </fieldset>
+    </ol>
+    </fieldset>
+    <fieldset class="action"> <input type="submit" value="Send" /> <a class="cancel close" href="#">Cancel</a> </fieldset>
+    <input type="hidden" name="bib_list" value="[% bib_list %]" />
+    <input type="hidden" name="csrf_token" value="[% csrf_token %]" />
 </form>
 
 [% END %]</div>