use Koha::Patron::Images;
use Koha::Patrons;
use Koha::Account;
+use Koha::Token;
use Koha::Patron::Categories;
# get borrower details
my $borrowernumber = $input->param('borrowernumber');
my $patron = Koha::Patrons->find( $borrowernumber );
+unless ( $patron ) {
+ print $input->redirect("/cgi-bin/koha/circ/circulation.pl?borrowernumber=$borrowernumber");
+ exit;
+}
my $borrower = $patron->unblessed;
my $category = $patron->category;
$borrower->{description} = $category->description;
my $writeoff = $input->param('writeoff_individual');
my $select_lines = $input->param('selected');
my $select = $input->param('selected_accts');
-my $payment_note = uri_unescape $input->param('payment_note');
-my $accountno;
+my $payment_note = uri_unescape scalar $input->param('payment_note');
my $accountlines_id;
if ( $individual || $writeoff ) {
$accountlines_id = $input->param('accountlines_id');
my $amount = $input->param('amount');
my $amountoutstanding = $input->param('amountoutstanding');
- $accountno = $input->param('accountno');
my $itemnumber = $input->param('itemnumber');
my $description = $input->param('description');
my $title = $input->param('title');
$template->param(
accounttype => $accounttype,
accountlines_id => $accountlines_id,
- accountno => $accountno,
amount => $amount,
amountoutstanding => $amountoutstanding,
title => $title,
total_due => $total_due
);
} else {
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf( {
+ session_id => $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
if ($individual) {
my $line = Koha::Account::Lines->find($accountlines_id);
Koha::Account->new( { patron_id => $borrowernumber } )->pay(
{
borrowernumber => $borrowernumber,
amountoutstanding => { '<>' => 0 },
- accountno => { 'IN' => \@acc },
+ accountlines_id => { 'IN' => \@acc },
},
{ order_by => 'date' }
);
- return Koha::Account->new(
+ Koha::Account->new(
{
patron_id => $borrowernumber,
}
total => $total_due,
RoutingSerials => C4::Context->preference('RoutingSerials'),
ExtendedPatronAttributes => C4::Context->preference('ExtendedPatronAttributes'),
+
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
);
output_html_with_http_headers $input, $cookie, $template->output;