- my $email_from = C4::Context->preference('KohaAdminEmailAddress');
- my $comment = $query->param('comment');
- my %mail = (
- To => $email_add,
- From => $email_from
- );
-
- my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
- {
- template_name => "basket/sendbasket.tmpl",
- query => $query,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => { borrow => 1 },
- }
+ output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' )
+ unless Koha::Token->new->check_csrf({
+ session_id => scalar $query->cookie('CGISESSID'),
+ token => scalar $query->param('csrf_token'),
+ });
+ my $comment = $query->param('comment');
+
+ # Since we are already logged in, no need to check credentials again
+ # when loading a second template.
+ my $template2 = C4::Templates::gettemplate(
+ 'basket/sendbasket.tt', 'intranet', $query,