use warnings;
use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
use C4::Output;
use C4::Auth qw(:DEFAULT :EditPermissions);
use C4::Context;
die "Wrong CSRF token"
unless Koha::Token->new->check_csrf({
- id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
+ session_id => scalar $input->cookie('CGISESSID'),
token => scalar $input->param('csrf_token'),
});
is_child => ($bor->{'category_type'} eq 'C'),
activeBorrowerRelationship => (C4::Context->preference('borrowerRelationship') ne ''),
RoutingSerials => C4::Context->preference('RoutingSerials'),
- csrf_token => Koha::Token->new->generate_csrf(
- { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
- secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
- }
- ),
+ csrf_token => Koha::Token->new->generate_csrf( { session_id => scalar $input->cookie('CGISESSID'), } ),
);
output_html_with_http_headers $input, $cookie, $template->output;