Bug 20067: Fix other checks for linked authorised value categories

[koha.git] / tools / picture-upload.pl

diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index a3b549e..804bd96 100755 (executable)
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -25,8 +25,6 @@ use File::Temp;
 use File::Copy;
 use CGI qw ( -utf8 );
 use GD;
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
 use C4::Context;
 use C4::Auth;
 use C4::Output;
@@ -34,7 +32,6 @@ use C4::Members;
 use C4::Debug;
 
 use Koha::Patrons;
-use Koha::Patron::Image;
 use Koha::Patron::Images;
 use Koha::Token;
 
@@ -88,8 +85,7 @@ if ( ( $op eq 'Upload' ) && $uploadfile ) {
 
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
-            id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+            session_id => scalar $input->cookie('CGISESSID'),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -176,8 +172,7 @@ elsif ( ( $op eq 'Upload' ) && !$uploadfile ) {
 elsif ( $op eq 'Delete' ) {
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
-            id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+            session_id => scalar $input->cookie('CGISESSID'),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -195,8 +190,7 @@ if ( $borrowernumber && !%errors && !$template->param('ERRORS') ) {
 else {
     $template->param(
         csrf_token => Koha::Token->new->generate_csrf({
-            id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+            session_id => scalar $input->cookie('CGISESSID'),
         }),
     );
     output_html_with_http_headers $input, $cookie, $template->output;