use CGI qw ( -utf8 );
use Encode qw(encode);
use Carp;
-use Digest::MD5 qw(md5_base64);
use Mail::Sendmail;
use MIME::QuotedPrint;
use MIME::Base64;
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $query->cookie('CGISESSID'),
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
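Review bot: `session_id` in this `check_csrf` call is whatever the request's `CGISESSID` cookie holds, which is undef when the browser sent no such cookie. Koha::Token is not visible here, so confirm that `check_csrf` rejects an undefined or empty `session_id` rather than validating a token derived from it. If it does not, guard before the call, e.g. `die "Wrong CSRF token" unless defined $query->cookie('CGISESSID');`. The same question applies to every `check_csrf` call this commit touches; the enclosing `if ( $email_add )` block continues outside the hunk.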
url => "/cgi-bin/koha/basket/sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID'), }),
);
output_html_with_http_headers $query, $cookie, $template->output;
}
#use warnings; FIXME - Bug 2505
use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
use C4::Context;
use C4::Output;
use C4::Auth;
if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
$template->param(
op => 'delete_confirm',
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
);
}
} elsif ( $op eq 'delete_confirmed' ) {
die "Wrong CSRF token"
- unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ unless Koha::Token->new->check_csrf( {
+ session_id => $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
my $patron = Koha::Patrons->find( $member );
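Review bot: `session_id => $input->cookie('CGISESSID'),` in the new `check_csrf` call lacks the `scalar` that the other calls in this commit use, so `cookie()` is evaluated in list context inside the hash constructor. In list context CGI's `cookie()` returns every value of a multi-valued cookie and an empty list when the cookie is absent, which shifts or adds key/value pairs in the hashref handed to Koha::Token. Write it as `session_id => scalar $input->cookie('CGISESSID'),`. The `generate_csrf` call under the "Generate CSRF token for upload and delete image buttons" comment has the same omission. The enclosing `elsif` branch continues outside the hunk.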
use warnings;
use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
use C4::Output;
use C4::Auth qw(:DEFAULT :EditPermissions);
use C4::Context;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
is_child => ($bor->{'category_type'} eq 'C'),
activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
RoutingSerials => C4::Context->preference('RoutingSerials'),
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
);
output_html_with_http_headers $input, $cookie, $template->output;
use Koha::Patron::Categories;
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
-
my $input = new CGI;
my $theme = $input->param('theme') || "default";
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
activeBorrowerRelationship => ( C4::Context->preference('borrowerRelationship') ne '' ),
minPasswordLength => $minpw,
RoutingSerials => C4::Context->preference('RoutingSerials'),
- csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID'), }),
);
if ( scalar(@errors) ) {
# external modules
use CGI qw ( -utf8 );
use List::MoreUtils qw/uniq/;
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
# internal modules
use C4::Auth;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
);
# Generate CSRF token
-$template->param(
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+$template->param( csrf_token =>
+ Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
);
# HouseboundModule data
use strict;
#use warnings; FIXME - Bug 2505
use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
use C4::Context;
use C4::Auth;
use C4::Output;
$template->param( picture => 1 ) if $patron_image;
# Generate CSRF token for upload and delete image buttons
$template->param(
- csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }),
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => $input->cookie('CGISESSID'),}),
);
use CGI qw ( -utf8 );
use Digest::MD5 qw( md5_base64 md5_hex );
-use Encode qw( encode );
use JSON;
use List::MoreUtils qw( any each_array uniq );
use String::Random qw( random_string );
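Review bot: `md5_base64` stays in the import list at `use Digest::MD5 qw( md5_base64 md5_hex );` although the calls this commit removes from the file's hunks were its visible users. If nothing outside these hunks still calls it, narrow the line to `use Digest::MD5 qw( md5_hex );` so the file no longer suggests the token depends on an MD5 of the configured password. The same check is worth making for `use Encode qw(encode);`, which the two sendbasket scripts keep while their `Encode::encode` calls in the CSRF code are removed.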
my $borrower = GetMember( borrowernumber => $borrowernumber );
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', $borrower->{userid} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $cgi->cookie('CGISESSID'),
token => scalar $cgi->param('csrf_token'),
});
invalid_form_fields => $invalidformfields,
borrower => \%borrower,
csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', $borrower->{userid} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
$template->param( patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ) );
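Review bot: The token is generated from the cookie the browser sent with this request, not from the session this request may have just established. If this page can be a visitor's first request (presumably possible for an OPAC form), `$cgi->cookie('CGISESSID')` would be undef here while the response sets a new session cookie, so the later `check_csrf` would see a different `session_id` and reject a legitimate submission. Consider taking the id from the session created for this request, or record the assumption next to the call with `# assumes the browser already sent CGISESSID`. The other two `generate_csrf` calls in this file are built the same way, and the `$template->param` call they belong to starts outside the hunk.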
borrower => GetMember( borrowernumber => $borrowernumber ),
patron_attribute_classes => GeneratePatronAttributesForm( $borrowernumber, $attributes ),
csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', $borrower->{userid} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
}
guarantor => scalar Koha::Patrons->find($borrowernumber)->guarantor(),
hidden => GetHiddenFields( $mandatory, 'modification' ),
csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', $borrower->{userid} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $cgi->cookie('CGISESSID'),
}),
);
use CGI qw ( -utf8 );
use Encode qw(encode);
use Carp;
-use Digest::MD5 qw(md5_base64);
use Mail::Sendmail;
use MIME::QuotedPrint;
use MIME::Base64;
if ( $email_add ) {
die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $query->cookie('CGISESSID'),
token => scalar $query->param('csrf_token'),
});
my $email = Koha::Email->new();
url => "/cgi-bin/koha/opac-sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf(
+ { session_id => scalar $query->cookie('CGISESSID'), } ),
);
output_html_with_http_headers $query, $cookie, $template->output;
}
# č
use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
my (@errors, @feedback);
my $extended = C4::Context->preference('ExtendedPatronAttributes');
if ( $uploadborrowers && length($uploadborrowers) > 0 ) {
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
$template->param(
csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
+ { session_id => scalar $input->cookie('CGISESSID'), }
),
);
use File::Copy;
use CGI qw ( -utf8 );
use GD;
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
use C4::Context;
use C4::Auth;
use C4::Output;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
elsif ( $op eq 'Delete' ) {
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
else {
$template->param(
csrf_token => Koha::Token->new->generate_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
}),
);
output_html_with_http_headers $input, $cookie, $template->output;