X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;f=opac%2Fopac-sendbasket.pl;h=09c462c8dc88e8468ab82318715a4a3611f27748;hb=5e2b67d8c5982029c427c75930bfec6a4395dd9f;hp=d0aa34a34691b94242e015a8e75e3d9cfd2ab31b;hpb=a0e5d77a719443c6616194a898795f70d34d6ebc;p=koha.git
diff --git a/opac/opac-sendbasket.pl b/opac/opac-sendbasket.pl
index d0aa34a346..09c462c8dc 100755
--- a/opac/opac-sendbasket.pl
+++ b/opac/opac-sendbasket.pl
@@ -4,36 +4,37 @@
 #
 # This file is part of Koha.
 #
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
 #
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
 #
-# You should have received a copy of the GNU General Public License along
-# with Koha; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see .
 
-use strict;
-use warnings;
+use Modern::Perl;
 
 use CGI qw ( -utf8 );
 use Encode qw(encode);
 use Carp;
-
 use Mail::Sendmail;
 use MIME::QuotedPrint;
 use MIME::Base64;
+
 use C4::Biblio;
 use C4::Items;
 use C4::Auth;
 use C4::Output;
-use C4::Biblio;
 use C4::Members;
+use C4::Templates ();
 use Koha::Email;
+use Koha::Patrons;
+use Koha::Token;
 
 my $query = new CGI;
@@ -43,23 +44,25 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user (
 query => $query,
 type => "opac",
 authnotrequired => 0,
- flagsrequired => { borrow => 1 },
 }
 );
 
-my $bib_list = $query->param('bib_list');
+my $bib_list = $query->param('bib_list') || '';
 my $email_add = $query->param('email_add');
-my $email_sender = $query->param('email_sender');
 my $dbh = C4::Context->dbh;
 
 if ( $email_add ) {
+ die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
 my $email = Koha::Email->new();
- my $user = GetMember(borrowernumber => $borrowernumber);
- my $user_email = GetFirstValidEmailAddress($borrowernumber)
+ my $patron = Koha::Patrons->find( $borrowernumber );
+ my $user_email = $patron->first_valid_email_address
 || C4::Context->preference('KohaAdminEmailAddress');
- my $email_replyto = "$user->{firstname} $user->{surname} <$user_email>";
+ my $email_replyto = $patron->firstname . " " . $patron->surname . " <$user_email>";
 my $comment = $query->param('comment');
 
 # if you want to use the KohaAdmin address as from, that is the default no need to set it
@@ -69,14 +72,10 @@ if ( $email_add ) {
 });
 $mail{'X-Abuse-Report'} = C4::Context->preference('KohaAdminEmailAddress');
 
- my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
- {
- template_name => "opac-sendbasket.tt",
- query => $query,
- type => "opac",
- authnotrequired => 0,
- flagsrequired => { borrow => 1 },
- }
+ # Since we are already logged in, no need to check credentials again
+ # when loading a second template.
+ my $template2 = C4::Templates::gettemplate(
+ 'opac-sendbasket.tt', 'opac', $query,
 );
 
 my @bibs = split( /\//, $bib_list );
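Review bot: The Reply-To value built on the `my $email_replyto = $patron->firstname . " " . $patron->surname . " <$user_email>";` line is a raw header string assembled from patron-controlled names, so a firstname or surname containing `"`, `,`, `<` or a CR/LF would at best yield a malformed Reply-To and, unless Koha::Email or Mail::Sendmail strips line breaks (the header construction sits between this hunk and the next and is not visible here), could inject an additional header; it also warns under Modern::Perl when either name is undef. Quoting the display name and dropping header-breaking characters keeps the intent: `my $display_name = join ' ', grep { defined $_ && length $_ } $patron->firstname, $patron->surname;` then `$display_name =~ s/[\r\n"\\]//g;` and `my $email_replyto = qq{"$display_name" <$user_email>};`. The new CSRF check is correctly placed before any side effect on the `$email_add` branch, whose body continues past the end of the hunk.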
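Review bot: The comment added above `my $template2 = C4::Templates::gettemplate(` justifies skipping authentication only with "we are already logged in", but what actually makes the skip safe is the `get_template_and_user` call at the top of the script with `authnotrequired => 0` (outside this hunk), and `gettemplate` itself performs no permission check, so a reader who later moves this block out of the `$email_add` branch would silently lose that guarantee. I would make the dependency explicit: `# Authentication was already enforced by get_template_and_user() at the top of this script (authnotrequired => 0); gettemplate() performs no auth or permission check, so this must stay inside the authenticated path.` The dropped `flagsrequired => { borrow => 1 }` mirrors the same removal in the first get_template_and_user call in the previous hunk, so the second call was not more restrictive than the first.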
@@ -87,8 +86,10 @@ if ( $email_add ) {
 $template2->param( biblionumber => $biblionumber );
 
 my $dat = GetBiblioData($biblionumber);
- my $record = GetMarcBiblio($biblionumber, 1);
- my $marcnotesarray = GetMarcNotes( $record, $marcflavour );
+ next unless $dat;
+ my $record = GetMarcBiblio({
+ biblionumber => $biblionumber,
+ embed_items => 1 });
 my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
 my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
@@ -100,7 +101,6 @@ if ( $email_add ) {
 }
 
- $dat->{MARCNOTES} = $marcnotesarray;
 $dat->{MARCSUBJCTS} = $marcsubjctsarray;
 $dat->{MARCAUTHORS} = $marcauthorsarray;
 $dat->{HASAUTHORS} = $hasauthors;
@@ -116,10 +116,9 @@ if ( $email_add ) {
 $template2->param(
 BIBLIO_RESULTS => $resultsarray,
- email_sender => $email_sender,
 comment => $comment,
- firstname => $user->{firstname},
- surname => $user->{surname},
+ firstname => $patron->firstname,
+ surname => $patron->surname,
 );
 
 # Getting template result
@@ -193,11 +192,14 @@ END_OF_BODY
 output_html_with_http_headers $query, $cookie, $template->output;
 }
 else {
- $template->param( bib_list => $bib_list );
+ my $new_session_id = $cookie->value;
 $template->param(
+ bib_list => $bib_list,
 url => "/cgi-bin/koha/opac-sendbasket.pl",
 suggestion => C4::Context->preference("suggestion"),
 virtualshelves => C4::Context->preference("virtualshelves"),
+ csrf_token => Koha::Token->new->generate_csrf(
+ { session_id => $new_session_id, } ),
 );
 output_html_with_http_headers $query, $cookie, $template->output;
 }
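Review bot: The new `next unless $dat;` guard sits after `$template2->param( biblionumber => $biblionumber );`, so an unknown or malformed entry from the request-supplied `bib_list` (split on `/` in the previous hunk) is still pushed into the template before being skipped, and if it is the last entry it may be the value the template ends up rendering; the enclosing foreach starts outside this hunk. Since every `$biblionumber` comes straight from the request, I would reject anything that is not an integer before touching the template or the database: `next unless defined $biblionumber && $biblionumber =~ /\A\d+\z/;` first, then `$template2->param( biblionumber => $biblionumber );` and `my $dat = GetBiblioData($biblionumber); next unless $dat;`. Whether GetBiblioData binds its argument as a placeholder is not visible here, so the regex check is defence in depth rather than a confirmed injection path.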