use Koha::Patron::Debarments;
use Koha::Patrons;
use Koha::DateUtils;
+use Koha::Token;
use Text::CSV;
# Text::CSV::Unicode, even in binary mode, fails to parse lines with these diacriticals:
use CGI qw ( -utf8 );
# use encoding 'utf8'; # don't do this
+use Digest::MD5 qw(md5_base64);
my (@errors, @feedback);
my $extended = C4::Context->preference('ExtendedPatronAttributes');
$template->param( SCRIPT_NAME => '/cgi-bin/koha/tools/import_borrowers.pl' );
if ( $uploadborrowers && length($uploadborrowers) > 0 ) {
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf({
+ id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ token => scalar $input->param('csrf_token'),
+ });
+
push @feedback, {feedback=>1, name=>'filename', value=>$uploadborrowers, filename=>$uploadborrowers};
my $handle = $input->upload('uploadborrowers');
my $uploadinfo = $input->uploadInfo($uploadborrowers);
}
$template->param(matchpoints => \@matchpoints);
}
+
+ $template->param(
+ csrf_token => Koha::Token->new->generate_csrf(
+ { id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ }
+ ),
+ );
+
}
output_html_with_http_headers $input, $cookie, $template->output;