Bug 18124: Change the calls to generate and check CSRF tokens

[srvgit] / members / moremember.pl

diff --git a/members/moremember.pl b/members/moremember.pl
index 55b0901..3e87a2d 100755 (executable)
--- a/members/moremember.pl
+++ b/members/moremember.pl
@@ -36,8 +36,6 @@
 use strict;
 #use warnings; FIXME - Bug 2505
 use CGI qw ( -utf8 );
-use Digest::MD5 qw(md5_base64);
-use Encode qw( encode );
 use C4::Context;
 use C4::Auth;
 use C4::Output;
@@ -119,8 +117,14 @@ my $borrowernumber = $input->param('borrowernumber');
 my $error = $input->param('error');
 $template->param( error => $error ) if ( $error );
 
-my ( $od, $issue, $fines ) = GetMemberIssuesAndFines($borrowernumber);
-$template->param( issuecount => $issue, fines => $fines );
+my $patron        = Koha::Patrons->find($borrowernumber);
+my $issues        = $patron->checkouts;
+my $balance       = $patron->account->balance;
+$template->param(
+    issuecount => $issues->count,
+    fines      => $balance,
+);
+
 
 my $data = GetMember( 'borrowernumber' => $borrowernumber );
 
@@ -140,7 +144,7 @@ foreach (qw(dateenrolled dateexpiry dateofbirth)) {
         $data->{$_} = '';
         next;
     }
-    $template->param( $_ => dt_from_string( $userdate ) );
+    $data->{$_} = dt_from_string( $userdate );
 }
 $data->{'IS_ADULT'} = ( $data->{'categorycode'} ne 'I' );
 
@@ -148,7 +152,7 @@ for (qw(gonenoaddress lost borrowernotes)) {
         $data->{$_} and $template->param(flagged => 1) and last;
 }
 
-if ( Koha::Patrons->find( $borrowernumber )->is_debarred ) {
+if ( $patron->is_debarred ) {
     $template->param( 'userdebarred' => 1, 'flagged' => 1 );
     my $debar = $data->{'debarred'};
     if ( $debar ne "9999-12-31" ) {
@@ -165,7 +169,6 @@ if ( $category_type eq 'C') {
     $template->param( 'catcode' => $patron_categories->next )  if $patron_categories->count == 1;
 }
 
-my $patron = Koha::Patrons->find($data->{borrowernumber});
 my @relatives;
 if ( my $guarantor = $patron->guarantor ) {
     $template->param( guarantor => $guarantor );
@@ -237,7 +240,9 @@ my $overdues_exist = 0;
 my $totalprice = 0;
 
 # Calculate and display patron's age
-$template->param( age => Koha::Patron->new({ dateofbirth => $data->{dateofbirth} })->get_age );
+if ( $data->{dateofbirth} ) {
+    $template->param( age => Koha::Patron->new({ dateofbirth => $data->{dateofbirth} })->get_age );
+}
 
 ### ###############################################################################
 # BUILD HTML
@@ -272,10 +277,7 @@ my $patron_image = Koha::Patron::Images->find($data->{borrowernumber});
 $template->param( picture => 1 ) if $patron_image;
 # Generate CSRF token for upload and delete image buttons
 $template->param(
-    csrf_token => Koha::Token->new->generate_csrf({
-        id     => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ),
-        secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ),
-    }),
+    csrf_token => Koha::Token->new->generate_csrf({ session_id => $input->cookie('CGISESSID'),}),
 );
 
 
@@ -321,7 +323,7 @@ if (C4::Context->preference('EnhancedMessagingPreferences')) {
     $template->param(TalkingTechItivaPhone => C4::Context->preference("TalkingTechItivaPhoneNotification"));
 }
 
-# in template <TMPL_IF name="I"> => instutitional (A for Adult, C for children) 
+# in template <TMPL_IF name="I"> => instutitional (A for Adult, C for children)
 $template->param( $data->{'categorycode'} => 1 );
 $template->param(
     patron          => $patron,