Bug 17720: CSRF - Handle unicode characters

[srvgit] / members / memberentry.pl

diff --git a/members/memberentry.pl b/members/memberentry.pl
index 27e6687..61ebed9 100755 (executable)
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@@ -26,6 +26,7 @@ use warnings;
 use CGI qw ( -utf8 );
 use List::MoreUtils qw/uniq/;
 use Digest::MD5 qw(md5_base64);
+use Encode qw( encode );
 
 # internal modules
 use C4::Auth;
@@ -290,7 +291,7 @@ if ($op eq 'save' || $op eq 'insert'){
     die "Wrong CSRF token"
         unless Koha::Token->new->check_csrf({
             id     => C4::Context->userenv->{id},
-            secret => md5_base64( C4::Context->config('pass') ),
+            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
             token  => scalar $input->param('csrf_token'),
         });
 
@@ -752,7 +753,7 @@ $template->param(
 $template->param(
     csrf_token => Koha::Token->new->generate_csrf(
         {   id     => C4::Context->userenv->{id},
-            secret => md5_base64( C4::Context->config('pass') ),
+            secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
         }
     ),
 );