Bug 17109: [QA Follow-up] Die when wrong token

[srvgit] / koha-tmpl / intranet-tmpl / prog / en / modules / basket / sendbasketform.tt

diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
index d0f7957..b78a650 100644 (file)
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasketform.tt
@@ -7,7 +7,7 @@
 
        [% IF ( SENT ) %]
         <h3>Message sent</h3>
-           <p>The cart was sent to: [% email_add %]</p>
+        <p>The cart was sent to: [% email_add |html %]</p>
                <p><a class="focus close" href="#">Close window</a></p>
        [% END %]
        [% IF ( error ) %]
@@ -16,7 +16,7 @@
        
 [% ELSE %]
 
-<form action="[% url %]" method="post">
+<form action="/cgi-bin/koha/basket/sendbasket.pl" method="post">
 
 <fieldset class="rows"> 
 <legend>Sending your cart</legend>
@@ -28,10 +28,11 @@
             <label for="comment">Comment:</label>
             <textarea id="comment" name="comment" rows="4" cols="40"></textarea>
     </li>
-    <li>
-        <input type="hidden" name="bib_list" value="[% bib_list %]" />
-    </li></ol></fieldset>
-       <fieldset class="action"> <input type="submit" value="Send" /> <a class="cancel close" href="#">Cancel</a> </fieldset>
+    </ol>
+    </fieldset>
+    <fieldset class="action"> <input type="submit" value="Send" /> <a class="cancel close" href="#">Cancel</a> </fieldset>
+    <input type="hidden" name="bib_list" value="[% bib_list %]" />
+    <input type="hidden" name="csrf_token" value="[% csrf_token %]" />
 </form>
 
 [% END %]</div>