use File::Copy;
use CGI qw ( -utf8 );
use GD;
-use Digest::MD5 qw(md5_base64);
use C4::Context;
use C4::Auth;
use C4::Output;
use C4::Debug;
use Koha::Patrons;
-use Koha::Patron::Image;
use Koha::Patron::Images;
use Koha::Token;
# Case is important in these operational values as the template must use case to be visually pleasing!
if ( ( $op eq 'Upload' ) && $uploadfile ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
- id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
}
close $tfh;
if ( $filetype eq 'zip' ) {
- unless ( system( "unzip", $tempfile, '-d', $dirname ) == 0 ) {
+ qx/unzip $tempfile -d $dirname/;
+ my $exit_code = $?;
+ unless ( $exit_code == 0 ) {
$errors{'UZIPFAIL'} = $uploadfilename;
$template->param( ERRORS => [ \%errors ] );
# This error is fatal to the import, so bail out here
$template->param( filetype => $filetype );
}
elsif ( $op eq 'Delete' ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
- id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
else {
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
- id => C4::Context->userenv->{id},
- secret => md5_base64( C4::Context->config('pass') ),
+ session_id => scalar $input->cookie('CGISESSID'),
}),
);
output_html_with_http_headers $input, $cookie, $template->output;