# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
use CGI qw ( -utf8 );
use Encode qw(encode);
use Carp;
-
use Mail::Sendmail;
use MIME::QuotedPrint;
use MIME::Base64;
+
use C4::Biblio;
use C4::Items;
use C4::Auth;
use C4::Output;
-use C4::Biblio;
use C4::Members;
+use C4::Templates ();
use Koha::Email;
+use Koha::Patrons;
+use Koha::Token;
my $query = new CGI;
}
);
-my $bib_list = $query->param('bib_list');
+my $bib_list = $query->param('bib_list') || '';
my $email_add = $query->param('email_add');
my $dbh = C4::Context->dbh;
if ( $email_add ) {
+ die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
my $email = Koha::Email->new();
- my $user = GetMember(borrowernumber => $borrowernumber);
- my $user_email = GetFirstValidEmailAddress($borrowernumber)
+ my $patron = Koha::Patrons->find( $borrowernumber );
+ my $user_email = $patron->first_valid_email_address
|| C4::Context->preference('KohaAdminEmailAddress');
- my $email_replyto = "$user->{firstname} $user->{surname} <$user_email>";
+ my $email_replyto = $patron->firstname . " " . $patron->surname . " <$user_email>";
my $comment = $query->param('comment');
# if you want to use the KohaAdmin address as from, that is the default no need to set it
});
$mail{'X-Abuse-Report'} = C4::Context->preference('KohaAdminEmailAddress');
- my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
- {
- template_name => "opac-sendbasket.tt",
- query => $query,
- type => "opac",
- authnotrequired => 0,
- }
+ # Since we are already logged in, no need to check credentials again
+ # when loading a second template.
+ my $template2 = C4::Templates::gettemplate(
+ 'opac-sendbasket.tt', 'opac', $query,
);
my @bibs = split( /\//, $bib_list );
my $dat = GetBiblioData($biblionumber);
next unless $dat;
- my $record = GetMarcBiblio($biblionumber, 1);
- my $marcnotesarray = GetMarcNotes( $record, $marcflavour );
+ my $record = GetMarcBiblio({
+ biblionumber => $biblionumber,
+ embed_items => 1 });
my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
}
- $dat->{MARCNOTES} = $marcnotesarray;
$dat->{MARCSUBJCTS} = $marcsubjctsarray;
$dat->{MARCAUTHORS} = $marcauthorsarray;
$dat->{HASAUTHORS} = $hasauthors;
$template2->param(
BIBLIO_RESULTS => $resultsarray,
comment => $comment,
- firstname => $user->{firstname},
- surname => $user->{surname},
+ firstname => $patron->firstname,
+ surname => $patron->surname,
);
# Getting template result
output_html_with_http_headers $query, $cookie, $template->output;
}
else {
- $template->param( bib_list => $bib_list );
+ my $new_session_id = $cookie->value;
$template->param(
+ bib_list => $bib_list,
url => "/cgi-bin/koha/opac-sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
+ csrf_token => Koha::Token->new->generate_csrf(
+ { session_id => $new_session_id, } ),
);
output_html_with_http_headers $query, $cookie, $template->output;
}
projects / koha.git / blobdiff