Bug 17720: CSRF - Handle unicode characters

[srvgit] / members / member-password.pl

diff --git a/members/member-password.pl b/members/member-password.pl
index d2255f8..82cd642 100755 (executable)
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -21,6 +21,7 @@ use Koha::Token;
 use Koha::Patron::Categories;
 
 use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
 
 my $input = new CGI;
 
@@ -69,7 +70,7 @@ if ( $newpassword && !scalar(@errors) ) {
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
             id     => C4::Context->userenv->{id},
-            secret => md5_base64( C4::Context->config('pass') ),
+            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -151,7 +152,7 @@ $template->param(
     RoutingSerials             => C4::Context->preference('RoutingSerials'),
     csrf_token                 => Koha::Token->new->generate_csrf({
         id     => C4::Context->userenv->{id},
-        secret => md5_base64( C4::Context->config('pass') ),
+        secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
     }),
 );