# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
-use strict;
-use warnings;
+use Modern::Perl;
use URI::Escape;
use C4::Context;
use C4::Auth;
use Koha::Patron::Images;
use Koha::Patrons;
use Koha::Account;
+use Koha::Token;
use Koha::Patron::Categories;
query => $input,
type => 'intranet',
authnotrequired => 0,
- flagsrequired => { borrowers => 1, updatecharges => $updatecharges_permissions },
+ flagsrequired => { borrowers => 'edit_borrowers', updatecharges => $updatecharges_permissions },
debug => 1,
}
);
# get borrower details
my $borrowernumber = $input->param('borrowernumber');
+my $logged_in_user = Koha::Patrons->find( $loggedinuser ) or die "Not logged in";
my $patron = Koha::Patrons->find( $borrowernumber );
+output_and_exit_if_error( $input, $cookie, $template, { module => 'members', logged_in_user => $logged_in_user, current_patron => $patron } );
+
my $borrower = $patron->unblessed;
my $category = $patron->category;
$borrower->{description} = $category->description;
my $writeoff = $input->param('writeoff_individual');
my $select_lines = $input->param('selected');
my $select = $input->param('selected_accts');
-my $payment_note = uri_unescape $input->param('payment_note');
-my $accountno;
+my $payment_note = uri_unescape scalar $input->param('payment_note');
my $accountlines_id;
if ( $individual || $writeoff ) {
$accountlines_id = $input->param('accountlines_id');
my $amount = $input->param('amount');
my $amountoutstanding = $input->param('amountoutstanding');
- $accountno = $input->param('accountno');
my $itemnumber = $input->param('itemnumber');
my $description = $input->param('description');
my $title = $input->param('title');
- my $notify_id = $input->param('notify_id');
- my $notify_level = $input->param('notify_level');
$total_due = $amountoutstanding;
$template->param(
accounttype => $accounttype,
accountlines_id => $accountlines_id,
- accountno => $accountno,
amount => $amount,
amountoutstanding => $amountoutstanding,
title => $title,
itemnumber => $itemnumber,
individual_description => $description,
- notify_id => $notify_id,
- notify_level => $notify_level,
payment_note => $payment_note,
);
} elsif ($select_lines) {
total_due => $total_due
);
} else {
+ die "Wrong CSRF token"
+ unless Koha::Token->new->check_csrf( {
+ session_id => $input->cookie('CGISESSID'),
+ token => scalar $input->param('csrf_token'),
+ });
+
if ($individual) {
my $line = Koha::Account::Lines->find($accountlines_id);
Koha::Account->new( { patron_id => $borrowernumber } )->pay(
{
borrowernumber => $borrowernumber,
amountoutstanding => { '<>' => 0 },
- accountno => { 'IN' => \@acc },
+ accountlines_id => { 'IN' => \@acc },
},
{ order_by => 'date' }
);
- return Koha::Account->new(
+ Koha::Account->new(
{
patron_id => $borrowernumber,
}
borrower => $borrower,
categoryname => $borrower->{description},
total => $total_due,
- RoutingSerials => C4::Context->preference('RoutingSerials'),
ExtendedPatronAttributes => C4::Context->preference('ExtendedPatronAttributes'),
+
+ csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $input->cookie('CGISESSID') }),
);
output_html_with_http_headers $input, $cookie, $template->output;
if ( $b_ref->{category_type} eq 'C' ) {
my $patron_categories = Koha::Patron::Categories->search_limited({ category_type => 'A' }, {order_by => ['categorycode']});
$template->param( 'CATCODE_MULTI' => 1) if $patron_categories->count > 1;
- $template->param( 'catcode' => $patron_categories->next ) if $patron_categories->count == 1;
+ $template->param( 'catcode' => $patron_categories->next->categorycode ) if $patron_categories->count == 1;
} elsif ( $b_ref->{category_type} eq 'A' || $b_ref->{category_type} eq 'I' ) {
$b_ref->{adultborrower} = 1;
}