Bug 16929: [QA Follow-up] Shortcut methods and use statements

[koha.git] / opac / opac-memberentry.pl

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index b73ee1b..e4945e7 100755 (executable)
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -20,7 +20,7 @@ use Modern::Perl;
 use CGI qw ( -utf8 );
 use Digest::MD5 qw( md5_base64 md5_hex );
 use String::Random qw( random_string );
-use WWW::CSRF qw(generate_csrf_token check_csrf_token CSRF_OK);
+use HTML::Entities;
 
 use C4::Auth;
 use C4::Output;
@@ -33,6 +33,7 @@ use C4::Scrubber;
 use Email::Valid;
 use Koha::DateUtils;
 use Koha::Patron::Images;
+use Koha::Token;
 
 my $cgi = new CGI;
 my $dbh = C4::Context->dbh;
@@ -181,8 +182,12 @@ if ( $action eq 'create' ) {
 elsif ( $action eq 'update' ) {
 
     my $borrower = GetMember( borrowernumber => $borrowernumber );
-    my $csrf_status = check_csrf_token($borrower->{userid}, md5_base64(C4::Context->config('pass')), scalar $cgi->param('csrf_token'));
-    die "Wrong CSRF token" unless ($csrf_status == CSRF_OK);
+    die "Wrong CSRF token"
+        unless Koha::Token->new->check_csrf({
+            id     => $borrower->{userid},
+            secret => md5_base64( C4::Context->config('pass') ),
+            token  => scalar $cgi->param('csrf_token'),
+        });
 
     my %borrower = ParseCgiForBorrower($cgi);
 
@@ -196,7 +201,10 @@ elsif ( $action eq 'update' ) {
             empty_mandatory_fields => \@empty_mandatory_fields,
             invalid_form_fields    => $invalidformfields,
             borrower               => \%borrower,
-            csrf_token             => generate_csrf_token($borrower->{userid}, md5_base64(C4::Context->config('pass'))),
+            csrf_token             => Koha::Token->new->generate_csrf({
+                id     => $borrower->{userid},
+                secret => md5_base64( C4::Context->config('pass') ),
+            }),
         );
 
         $template->param( action => 'edit' );
@@ -228,7 +236,10 @@ elsif ( $action eq 'update' ) {
                 action => 'edit',
                 nochanges => 1,
                 borrower => GetMember( borrowernumber => $borrowernumber ),
-                csrf_token => generate_csrf_token($borrower->{userid}, md5_base64(C4::Context->config('pass')))
+                csrf_token => Koha::Token->new->generate_csrf({
+                    id     => $borrower->{userid},
+                    secret => md5_base64( C4::Context->config('pass') ),
+                }),
             );
         }
     }
@@ -248,7 +259,10 @@ elsif ( $action eq 'edit' ) {    #Display logged in borrower's data
         borrower  => $borrower,
         guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(),
         hidden => GetHiddenFields( $mandatory, 'modification' ),
-        csrf_token => generate_csrf_token($borrower->{userid}, md5_base64(C4::Context->config('pass')))
+        csrf_token => Koha::Token->new->generate_csrf({
+            id     => $borrower->{userid},
+            secret => md5_base64( C4::Context->config('pass') ),
+        }),
     );
 
     if (C4::Context->preference('OPACpatronimages')) {
@@ -360,7 +374,7 @@ sub ParseCgiForBorrower {
     foreach ( $cgi->param ) {
         if ( $_ =~ '^borrower_' ) {
             my ($key) = substr( $_, 9 );
-            $borrower{$key} = $scrubber->scrub( $cgi->param($_) );
+            $borrower{$key} = HTML::Entities::encode( $scrubber->scrub( $cgi->param($_) ) );
         }
     }