Bug 18124: Change the calls to generate and check CSRF tokens

[srvgit] / members / member-flags.pl

diff --git a/members/member-flags.pl b/members/member-flags.pl
index d54984a..c188d98 100755 (executable)
--- a/members/member-flags.pl
+++ b/members/member-flags.pl
@@ -8,8 +8,6 @@ use strict;
 use warnings;
 
 use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
 use C4::Output;
 use C4::Auth qw(:DEFAULT :EditPermissions);
 use C4::Context;
@@ -48,8 +46,7 @@ if ($input->param('newflags')) {
 
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
-            id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+            session_id => scalar $input->cookie('CGISESSID'),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -217,11 +214,7 @@ $template->param(
                is_child        => ($bor->{'category_type'} eq 'C'),
                activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
         RoutingSerials => C4::Context->preference('RoutingSerials'),
-        csrf_token => Koha::Token->new->generate_csrf(
-            {   id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-                secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
-            }
-        ),
+        csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
                );
 
     output_html_with_http_headers $input, $cookie, $template->output;