#use warnings; FIXME - Bug 2505
use CGI qw ( -utf8 );
+use Digest::MD5 qw(md5_base64);
use C4::Context;
use C4::Output;
use C4::Auth;
use C4::Members;
-use C4::Branch; # GetBranches
use Module::Load;
+use Koha::Patrons;
use Koha::Patron::Images;
+use Koha::Token;
+
if ( C4::Context->preference('NorwegianPatronDBEnable') && C4::Context->preference('NorwegianPatronDBEnable') == 1 ) {
load Koha::NorwegianPatronDB, qw( NLMarkForDeletion NLSync );
}
#Do not delete yourself...
if ($borrowernumber == $member ) {
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_YOURSELF");
- exit 1;
+ exit 0; # Exit without error
}
# Handle deletion from the Norwegian national patron database, if it is enabled
if ($bor->{category_type} eq "S") {
unless(C4::Auth::haspermission($userenv->{'id'},{'staffaccess'=>1})) {
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_STAFF");
- exit 1;
+ exit 0; # Exit without error
}
} else {
unless(C4::Auth::haspermission($userenv->{'id'},{'borrowers'=>1})) {
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE");
- exit 1;
+ exit 0; # Exit without error
}
}
if ( !C4::Context->IsSuperLibrarian() && $bor->{'branchcode'}){
unless ($userenv->{branch} eq $bor->{'branchcode'}){
print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=CANT_DELETE_OTHERLIBRARY");
- exit;
+ exit 0; # Exit without error
}
}
}
my $op = $input->param('op') || 'delete_confirm';
my $dbh = C4::Context->dbh;
my $is_guarantor = $dbh->selectrow_array("SELECT COUNT(*) FROM borrowers WHERE guarantorid=?", undef, $member);
-if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'} or $is_guarantor or $deletelocal == 0){
+if ( $op eq 'delete_confirm' or $countissues > 0 or $flags->{'CHARGES'} or $is_guarantor or $deletelocal == 0) {
my $patron_image = Koha::Patron::Images->find($bor->{borrowernumber});
$template->param( picture => 1 ) if $patron_image;
phone => $bor->{'phone'},
email => $bor->{'email'},
branchcode => $bor->{'branchcode'},
- branchname => GetBranchName($bor->{'branchcode'}),
activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
RoutingSerials => C4::Context->preference('RoutingSerials'),
);
}
# This is silly written but reflect the same conditions as above
if ( not $countissues > 0 and not $flags->{CHARGES} ne '' and not $is_guarantor and not $deletelocal == 0 ) {
- $template->param( op => 'delete_confirm' );
+ $template->param(
+ op => 'delete_confirm',
+ csrf_token => Koha::Token->new->generate_csrf(
+ { id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ }
+ ),
+ );
}
-}elsif ( $op eq 'delete_confirmed' ) {
- MoveMemberToDeleted($member);
- C4::Members::HandleDelBorrower($member);
- DelMember($member);
+} elsif ( $op eq 'delete_confirmed' ) {
+
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf({
+ id => C4::Context->userenv->{id},
+ secret => md5_base64( C4::Context->config('pass') ),
+ token => scalar $input->param('csrf_token'),
+ });
+ my $patron = Koha::Patrons->find( $member );
+ $patron->move_to_deleted;
+ $patron->delete;
# TODO Tell the user everything went ok
print $input->redirect("/cgi-bin/koha/members/members-home.pl");
+ exit 0; # Exit without error
}
output_html_with_http_headers $input, $cookie, $template->output;
-
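Review bot: The CSRF secret passed to both `generate_csrf` and `check_csrf` is `md5_base64( C4::Context->config('pass') )`, so token validity is tied to the database password and the derivation is repeated in two places that must stay identical; one shared helper, or a dedicated secret in the configuration, would avoid both problems. On a failed check, `die "Wrong CSRF token"` ends the request with an unhandled exception, whereas every other refusal in this script redirects to moremember.pl with an `error=` code. A redirect such as `print $input->redirect("/cgi-bin/koha/members/moremember.pl?borrowernumber=$member&error=WRONG_CSRF_TOKEN"); exit 0;` would match them (that error code is a constructed example, not one defined on this page). In the same branch, the result of `Koha::Patrons->find( $member )` is not checked before `$patron->move_to_deleted`, and nothing visible makes `move_to_deleted` and `delete` atomic, so a failure between them could leave a copy in the deleted table while the live row remains. The removed `C4::Members::HandleDelBorrower($member)` call has no visible replacement here, so it is worth confirming that `$patron->delete` performs that cleanup.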