use C4::Accounts;
use C4::Items;
use C4::Members::Attributes qw(GetBorrowerAttributes);
+use Koha::Token;
+use Koha::Items;
use Koha::Patrons;
use Koha::Patron::Categories;
my $input=new CGI;
my $flagsrequired = { borrowers => 'edit_borrowers' };
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
+ { template_name => "members/maninvoice.tt",
+ query => $input,
+ type => "intranet",
+ authnotrequired => 0,
+ flagsrequired => $flagsrequired,
+ debug => 1,
+ }
+);
my $borrowernumber=$input->param('borrowernumber');
my $add=$input->param('add');
if ($add){
if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf( {
+ session_id => scalar $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
# Note: If the logged in user is not allowed to see this patron an invoice can be forced
# Here we are trusting librarians not to hack the system
my $barcode=$input->param('barcode');
my $itemnum;
if ($barcode) {
- $itemnum = GetItemnumberFromBarcode($barcode);
+ my $item = Koha::Items->find({barcode => $barcode});
+ $itemnum = $item->itemnumber if $item;
}
my $desc=$input->param('desc');
my $amount=$input->param('amount');
my $type=$input->param('type');
my $note = $input->param('note');
- my $error = manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
+ my $error = C4::Accounts::manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
if ($error) {
- my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
- { template_name => "members/maninvoice.tt",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => $flagsrequired,
- debug => 1,
- }
- );
if ( $error =~ /FOREIGN KEY/ && $error =~ /itemnumber/ ) {
$template->param( 'ITEMNUMBER' => 1 );
}
+ $template->param( csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }) );
$template->param( 'ERROR' => $error );
output_html_with_http_headers $input, $cookie, $template->output;
} else {
+
+ if ( C4::Context->preference('AccountAutoReconcile') ) {
+ $patron->account->reconcile_balance;
+ }
+
print $input->redirect("/cgi-bin/koha/members/boraccount.pl?borrowernumber=$borrowernumber");
exit;
}
}
$template->param( invoice_types_loop => \@invoice_types );
- if ( $patron->category->category_type eq 'C') {
- my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
- $template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
- $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
- }
-
if (C4::Context->preference('ExtendedPatronAttributes')) {
my $attributes = GetBorrowerAttributes($borrowernumber);
$template->param(
}
$template->param(
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
patron => $patron,
finesview => 1,
);