Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl)

Since Bug 14408, the method get_template_and_user can not have an empty template_name.
Pages calling with an empty value should use C4::Auth::checkauth()

This patch corrects opac/opac-ratings.pl

Test plan :
- Apply patch
- Set sysopref OpacStarRatings to 'results and details'
- Disable Javascipt on your browser (otherwise it will use ajax)
- Login at OPAC
- Go to a record
- Click on a button left of 'Rate me' to choose a rating, ie 4
- Click on 'Rate me'
=> The page is reloaded and you see 'your rating: 4'
- Loggout from OPAC
- Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl
=> You see the loggin page

Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
index 5e7591d..d79a51c 100644 (file)
--- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
+++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt
@@ -498,7 +498,6 @@
                                 <!-- define some hidden vars for ratings -->
 
                                 <input  type="hidden" name='biblionumber'  value="[% biblionumber %]" />
-                                <input  type="hidden" name='borrowernumber'  value="[% borrowernumber %]" />
                                 <input  type="hidden" name='rating_value' id='rating_value' value="[% rating_value %]" />
                                 <input  type="hidden" name='rating_total' id='rating_total' value="[% rating_total %]" />
                                 <input  type="hidden" name='rating_avg_int' id='rating_avg_int' value="[% rating_avg_int %]" />

diff --git a/opac/opac-ratings.pl b/opac/opac-ratings.pl
index bb1297e..2ad0cb0 100755 (executable)
--- a/opac/opac-ratings.pl
+++ b/opac/opac-ratings.pl
@@ -28,27 +28,17 @@ note: there is currently no 'delete rating' functionality in this script
 use strict;
 use warnings;
 use CGI qw ( -utf8 );
-use CGI::Cookie;
-use C4::Auth qw(:DEFAULT check_cookie_auth);
+
+use C4::Auth;
 use C4::Context;
-use C4::Output;
-use C4::Dates qw(format_date);
-use C4::Biblio;
 use C4::Ratings;
 use C4::Debug;
 
 my $query = CGI->new();
-my $a     = $query->Vars;
-####  $a
-my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
-    {
-        template_name   => "",
-        query           => $query,
-        type            => "opac",
-        authnotrequired => 0,        # auth required to add tags
-        debug           => 0,
-    }
-);
+
+# auth required to add ratings
+my ($userid, $cookie, $sessionID) = checkauth( $query, 0, {}, 'opac' );
+my $loggedinuser = C4::Context->userenv->{'number'};
 
 my $biblionumber     = $query->param('biblionumber');
 my $rating_old_value = $query->param('rating_value');