# This file is part of Koha.
#
-# Koha is free software; you can redistribute it and/or modify it under the
-# terms of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
#
-# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License along with
-# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
-use CGI;
+use CGI qw ( -utf8 );
use Encode qw(encode);
use Carp;
-
+use Digest::MD5 qw(md5_base64);
use Mail::Sendmail;
use MIME::QuotedPrint;
use MIME::Base64;
+
use C4::Biblio;
use C4::Items;
use C4::Auth;
use C4::Output;
-use C4::Biblio;
+use C4::Templates ();
use Koha::Email;
+use Koha::Token;
my $query = new CGI;
query => $query,
type => "intranet",
authnotrequired => 0,
- flagsrequired => { borrow => 1 },
+ flagsrequired => { catalogue => 1 },
}
);
-my $bib_list = $query->param('bib_list');
+my $bib_list = $query->param('bib_list') || '';
my $email_add = $query->param('email_add');
-my $email_sender = $query->param('email_sender');
my $dbh = C4::Context->dbh;
+my $csrf_err;
if ( $email_add ) {
+ $csrf_err = 1 unless Koha::Token->new->check_csrf({
+ id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ token => scalar $query->param('csrf_token'),
+ });
+}
+
+if( $csrf_err ) {
+ $template->param( csrf_error => 1, email_add => 1 );
+ output_html_with_http_headers $query, $cookie, $template->output;
+} elsif ( $email_add ) {
my $email = Koha::Email->new();
my %mail = $email->create_message_headers({ to => $email_add });
my $comment = $query->param('comment');
- my ( $template2, $borrowernumber, $cookie ) = get_template_and_user(
- {
- template_name => "basket/sendbasket.tt",
- query => $query,
- type => "intranet",
- authnotrequired => 0,
- flagsrequired => { borrow => 1 },
- }
+
+ # Since we are already logged in, no need to check credentials again
+ # when loading a second template.
+ my $template2 = C4::Templates::gettemplate(
+ 'basket/sendbasket.tt', 'intranet', $query,
);
my @bibs = split( /\//, $bib_list );
$template2->param( biblionumber => $biblionumber );
my $dat = GetBiblioData($biblionumber);
- my $record = GetMarcBiblio($biblionumber);
- my $marcnotesarray = GetMarcNotes( $record, $marcflavour );
+ next unless $dat;
+ my $record = GetMarcBiblio($biblionumber, 1);
my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour );
my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour );
}
- $dat->{MARCNOTES} = $marcnotesarray;
$dat->{MARCSUBJCTS} = $marcsubjctsarray;
$dat->{MARCAUTHORS} = $marcauthorsarray;
$dat->{HASAUTHORS} = $hasauthors;
my $resultsarray = \@results;
$template2->param(
BIBLIO_RESULTS => $resultsarray,
- email_sender => $email_sender,
comment => $comment
);
if ( $template_res =~ /<SUBJECT>(.*)<END_SUBJECT>/s ) {
$mail{subject} = $1;
$mail{subject} =~ s|\n?(.*)\n?|$1|;
+ $mail{subject} = Encode::encode("UTF-8", $mail{subject});
}
else { $mail{'subject'} = "no subject"; }
if ( $template_res =~ /<HEADER>(.*)<END_HEADER>/s ) {
$email_header = $1;
$email_header =~ s|\n?(.*)\n?|$1|;
- $email_header = encode_qp($email_header);
+ $email_header = encode_qp(Encode::encode("UTF-8", $email_header));
}
my $email_file = "basket.txt";
if ( $template_res =~ /<MESSAGE>(.*)<END_MESSAGE>/s ) {
$body = $1;
$body =~ s|\n?(.*)\n?|$1|;
- $body = encode_qp($body);
+ $body = encode_qp(Encode::encode("UTF-8", $body));
}
my $boundary = "====" . time() . "====";
output_html_with_http_headers $query, $cookie, $template->output;
}
else {
- $template->param( bib_list => $bib_list );
$template->param(
+ bib_list => $bib_list,
url => "/cgi-bin/koha/basket/sendbasket.pl",
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
+ csrf_token => Koha::Token->new->generate_csrf(
+ { id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ }
+ ),
);
output_html_with_http_headers $query, $cookie, $template->output;
}