$_->{'time'},
) foreach @recentSearches;
- # And then, delete the cookie's content
- my $newsearchcookie = $in->{'query'}->cookie(
- -name => 'KohaOpacRecentSearches',
- -value => freeze([]),
- -expires => ''
- );
+ # And then, delete the cookie's content
+ my $newsearchcookie = $in->{'query'}->cookie(
+ -name => 'KohaOpacRecentSearches',
+ -value => freeze([]),
+ -HttpOnly => 1,
+ -expires => ''
+ );
$cookie = [$cookie, $newsearchcookie];
}
}
}
if(C4::Context->preference('dateformat')){
+ $template->param( dateformat => C4::Context->preference('dateformat') );
if(C4::Context->preference('dateformat') eq "metric"){
$template->param(dateformat_metric => 1);
} elsif(C4::Context->preference('dateformat') eq "us"){
# when using authentication against multiple CAS servers, as configured in Auth_cas_servers.yaml
my $casparam = $query->param('cas');
- if ( $userid = $ENV{'REMOTE_USER'} ) {
- # Using Basic Authentication, no cookies required
+ if ( $userid = $ENV{'REMOTE_USER'} ) {
+ # Using Basic Authentication, no cookies required
$cookie = $query->cookie(
- -name => 'CGISESSID',
- -value => '',
- -expires => ''
+ -name => 'CGISESSID',
+ -value => '',
+ -expires => '',
+ -HttpOnly => 1,
);
$loggedin = 1;
}
- elsif ( $sessionID = $query->cookie("CGISESSID")) { # assignment, not comparison
+ elsif ( $sessionID = $query->cookie("CGISESSID") )
+ { # assignment, not comparison
my $session = get_session($sessionID);
C4::Context->_new_userenv($sessionID);
my ($ip, $lasttime, $sessiontype);
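Review bot: The `CGISESSID` cookie built in the `$ENV{'REMOTE_USER'}` branch gains `-HttpOnly => 1` but still carries no `-secure` attribute, so on a site served over HTTPS the browser will also send the session identifier on any plain-HTTP request to the same host. HttpOnly only keeps the value away from page scripts; it does nothing for transport. I would add `-secure => 1,` to the cookie whenever the installation is served over TLS, gated on however this deployment detects HTTPS, because setting it unconditionally would break HTTP-only sites. The same applies to the other `CGISESSID` cookie calls changed further down this diff. Since six near-identical `$query->cookie(...)` calls now have to agree on their attributes, a single private helper that builds the session cookie would stop them drifting apart.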
$userid = undef;
}
else {
- $cookie = $query->cookie( CGISESSID => $session->id );
- $session->param('lasttime',time());
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $session->id,
+ -HttpOnly => 1
+ );
+ $session->param( 'lasttime', time() );
unless ( $sessiontype && $sessiontype eq 'anon' ) { #if this is an anonymous session, we want to update the session, but not behave as if they are logged in...
$flags = haspermission($userid, $flagsrequired);
if ($flags) {
my $session = get_session("") or die "Auth ERROR: Cannot get_session()";
my $sessionID = $session->id;
C4::Context->_new_userenv($sessionID);
- $cookie = $query->cookie( CGISESSID => $sessionID );
- $userid = $query->param('userid');
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $session->id,
+ -HttpOnly => 1
+ );
+ $userid = $query->param('userid');
if ( ( $cas && $query->param('ticket') )
|| $userid
|| ( my $pki_field = C4::Context->preference('AllowPKIAuth') ) ne
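Review bot: The new call passes `-value => $session->id` although `$sessionID` was assigned from the same expression two lines above and the replaced line used that variable. The later hunk that makes the equivalent change writes `-value => $sessionID,`, so the two sites now read differently for the same value. Using `-value => $sessionID,` here keeps the cookie visibly tied to the id handed to `C4::Context->_new_userenv($sessionID)`. The enclosing condition continues past the end of this hunk.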
{
# successful login
unless ($cookie) {
- $cookie = $query->cookie( CGISESSID => '' );
+ $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => '',
+ -HttpOnly => 1
+ );
}
return ( $userid, $cookie, $sessionID, $flags );
}
my $value = $query->param($name);
push @inputs, { name => $name, value => $value };
}
- # get the branchloop, which we need for authentication
- my $branches = GetBranches();
- my @branch_loop;
- for my $branch_hash (sort keys %$branches) {
- push @branch_loop, {branchcode => "$branch_hash", branchname => $branches->{$branch_hash}->{'branchname'}, };
- }
my $template_name = ( $type eq 'opac' ) ? 'opac-auth.tmpl' : 'auth.tmpl';
my $template = C4::Templates::gettemplate($template_name, $type, $query );
$template->param(
- branchloop => \@branch_loop,
+ branchloop => GetBranchesLoop(),
opaccolorstylesheet => C4::Context->preference("opaccolorstylesheet"),
opaclayoutstylesheet => C4::Context->preference("opaclayoutstylesheet"),
login => 1,
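Review bot: `branchloop => GetBranchesLoop(),` is evaluated in list context inside the `$template->param(` argument list, so it is only correct if the function returns exactly one array reference; an empty or multi-element list would shift every key/value pair after it. Its definition is not visible in this diff, so that should be confirmed, and the file must import it if it does not already. The removed loop sorted by branch code and emitted only `branchcode` and `branchname`; whether `GetBranchesLoop()` keeps that ordering, or also marks a branch as selected on the login form, cannot be told from here. A one-line comment above the call would record the assumption, for example `# GetBranchesLoop() returns an arrayref of { branchcode, branchname, ... }`.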
$sessionID = undef;
return ("expired", undef, undef);
} else {
- my $cookie = $query->cookie( CGISESSID => $session->id );
+ my $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $session->id,
+ -HttpOnly => 1,
+ );
$session->param('lasttime',time());
my $flags = haspermission($userid, $flagsrequired);
if ($flags) {
my $sessionID = $session->id;
C4::Context->_new_userenv($sessionID);
- my $cookie = $query->cookie(CGISESSID => $sessionID);
+ my $cookie = $query->cookie(
+ -name => 'CGISESSID',
+ -value => $sessionID,
+ -HttpOnly => 1,
+ );
if ( $return == 1 ) {
my (
$borrowernumber, $firstname, $surname,