}
);
- die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
- session_id => scalar $query->cookie('CGISESSID'),
- token => scalar $query->param('csrf_token'),
- });
+ output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
DelAuthority({ authid => $authid });
my $dbh = C4::Context->dbh;
if ( $email_add ) {
- die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
- session_id => scalar $query->cookie('CGISESSID'),
- token => scalar $query->param('csrf_token'),
- });
+ output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
my $email = Koha::Email->new();
my %mail = $email->create_message_headers({ to => $email_add });
my $comment = $query->param('comment');
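Review bot: A rejected token in this `if ( $email_add )` block no longer leaves any trace that the hunk shows. The removed `die "Wrong CSRF token"` would normally reach the server error log, while `output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' )` is only seen rendering the template message; its body is not on this page, so confirm whether it logs on its own. Repeated token failures are a useful signal for spotting forged requests or broken sessions, so I would log the failure (script name and logged-in user, never the token or session id) before the call or inside `output_and_exit` for this error code. The same applies to every other call site this commit converts, including the one before `DelAuthority`. The `if` block continues past the end of the hunk.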
<div class="dialog message">This subscription does not exist.</div>
[% CASE 'unknown_basket' %]
<div class="dialog message">This basket does not exist.</div>
+ [% CASE 'wrong_csrf_token' %]
+ <div class="dialog message">The form submission failed (Wrong CSRF token). Try to come back, refresh the page, then try again.</div>
[% CASE %][% blocking_error | html %]
[% END %]
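Review bot: The added `wrong_csrf_token` message tells the user to "Try to come back", which reads as if they should return later rather than go back one page. I would word it as `The form submission failed (Wrong CSRF token). Go back, refresh the page, then try again.` so the recovery step is unambiguous. The enclosing SWITCH starts outside the hunk.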
[% ELSE %]
+[% INCLUDE 'blocking_errors.inc' %]
<form action="/cgi-bin/koha/basket/sendbasket.pl" method="post">
<fieldset class="rows">
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a> › <a href="/cgi-bin/koha/tools/import_borrowers.pl">Import patrons</a>[% IF ( uploadborrowers ) %] › Results[% END %]</div>
+[% INCLUDE 'blocking_errors.inc' %]
<div class="main container-fluid">
<div class="row">
<div class="col-sm-10 col-sm-push-2">
<div id="breadcrumbs"><a href="/cgi-bin/koha/mainpage.pl">Home</a> › <a href="/cgi-bin/koha/tools/tools-home.pl">Tools</a> › [% IF ( TOTAL ) %]<a href="/cgi-bin/koha/tools/picture-upload.pl">Upload patron images</a> › Results[% ELSE %]Upload patron images[% END %] </div>
+[% INCLUDE 'blocking_errors.inc' %]
<div class="main container-fluid">
<div class="row">
<div class="col-sm-10 col-sm-push-2">
$op eq 'revoke' or
$op eq 'activate' ) {
- die "Wrong CSRF token"
- unless Koha::Token->new->check_csrf({
- session_id => scalar $cgi->cookie('CGISESSID'),
- token => scalar $cgi->param('csrf_token'),
- });
+ output_and_exit( $cgi, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $cgi->cookie('CGISESSID'),
+ token => scalar $cgi->param('csrf_token'),
+ });
}
if ($op) {
}
} elsif ( $op eq 'delete_confirmed' ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf( {
session_id => $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
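Review bot: `session_id => $input->cookie('CGISESSID'),` in this `delete_confirmed` branch is evaluated in list context inside the hash constructor, unlike the other call sites in this commit, which write `scalar $input->cookie('CGISESSID')`. If the cookie accessor returns an empty list or several values (CGI.pm's does in list context, as far as I recall), the key/value pairs passed to `check_csrf` shift and `token` may no longer be the value the check compares. I would change the line to `session_id => scalar $input->cookie('CGISESSID'),` while this statement is being touched. The hunk for the `} else {` branch after `total_due => $total_due` has the same line. The `check_csrf` call is closed outside the hunk.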
if ($add){
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf( {
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
my $input=new CGI;
my $flagsrequired = { borrowers => 'edit_borrowers' };
+my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
+ { template_name => "members/maninvoice.tt",
+ query => $input,
+ type => "intranet",
+ authnotrequired => 0,
+ flagsrequired => $flagsrequired,
+ debug => 1,
+ }
+);
my $borrowernumber=$input->param('borrowernumber');
my $add=$input->param('add');
if ($add){
if ( checkauth( $input, 0, $flagsrequired, 'intranet' ) ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf( {
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
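Review bot: The `checkauth( $input, 0, $flagsrequired, 'intranet' )` guard inside `if ($add){` looks redundant now that `get_template_and_user` runs at the top with `authnotrequired => 0` and the same `$flagsrequired`, assuming that call already enforces authentication and permissions. Two authentication paths make it harder to see which one protects the `manualinvoice` call, so I would drop the inner `checkauth` or add a comment such as `# auth already enforced by get_template_and_user above`. The moved block also carries `debug => 1`, which is worth confirming is intended for this script. If a later branch outside this hunk still declares `my ( $template, $loggedinuser, $cookie )`, it would now shadow these variables. The `if ($add)` body continues outside the hunk.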
my $note = $input->param('note');
my $error = manualinvoice( $borrowernumber, $itemnum, $desc, $type, $amount, $note );
if ($error) {
- my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
- { template_name => "members/maninvoice.tt",
- query => $input,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => $flagsrequired,
- debug => 1,
- }
- );
if ( $error =~ /FOREIGN KEY/ && $error =~ /itemnumber/ ) {
$template->param( 'ITEMNUMBER' => 1 );
}
if ($input->param('newflags')) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
if ( $newpassword and not @errors) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
my $extended_patron_attributes = ();
if ($op eq 'save' || $op eq 'insert'){
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
total_due => $total_due
);
} else {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf( {
session_id => $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
$template->param( SCRIPT_NAME => '/cgi-bin/koha/tools/import_borrowers.pl' );
if ( $uploadborrowers && length($uploadborrowers) > 0 ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
# Case is important in these operational values as the template must use case to be visually pleasing!
if ( ( $op eq 'Upload' ) && $uploadfile ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
$template->param( filetype => $filetype );
}
elsif ( $op eq 'Delete' ) {
- die "Wrong CSRF token"
+ output_and_exit( $input, $cookie, $template, 'wrong_csrf_token' )
unless Koha::Token->new->check_csrf({
session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),