Bug 26388: Do not show 'Renew all' or 'Renew selected' if no renewable items

[koha-ffzg.git] / opac / opac-messaging.pl

diff --git a/opac/opac-messaging.pl b/opac/opac-messaging.pl
index 8189493..bb44b4c 100755 (executable)
--- a/opac/opac-messaging.pl
+++ b/opac/opac-messaging.pl
@@ -17,8 +17,7 @@
 # You should have received a copy of the GNU General Public License
 # along with Koha; if not, see <http://www.gnu.org/licenses>.
 
-use strict;
-use warnings;
+use Modern::Perl;
 
 use CGI qw ( -utf8 );
 
@@ -32,6 +31,7 @@ use C4::Members::Messaging;
 use C4::Form::MessagingPreferences;
 use Koha::Patrons;
 use Koha::SMS::Providers;
+use Koha::Token;
 
 my $query = CGI->new();
 
@@ -46,7 +46,6 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
         template_name   => 'opac-messaging.tt',
         query           => $query,
         type            => 'opac',
-        authnotrequired => 0,
         debug           => 1,
     }
 );
@@ -56,17 +55,23 @@ my $patron = Koha::Patrons->find( $borrowernumber ); # FIXME and if borrowernumb
 my $messaging_options = C4::Members::Messaging::GetMessagingOptions();
 
 if ( defined $query->param('modify') && $query->param('modify') eq 'yes' ) {
+    die "Wrong CSRF token" unless Koha::Token->new->check_csrf({
+        session_id => scalar $query->cookie('CGISESSID'),
+        token  => scalar $query->param('csrf_token'),
+    });
+
     my $sms = $query->param('SMSnumber');
     my $sms_provider_id = $query->param('sms_provider_id');
-    if ( defined $sms && ( $patron->smsalertnumber // '' ) ne $sms
-            or ( $patron->sms_provider_id // '' ) ne $sms_provider_id ) {
-        $patron->set({
-            smsalertnumber  => $sms,
-            sms_provider_id => $sms_provider_id,
-        })->store;
-    }
+    $patron->set({
+        smsalertnumber  => $sms,
+        sms_provider_id => $sms_provider_id,
+    })->store;
 
     C4::Form::MessagingPreferences::handle_form_action($query, { borrowernumber => $patron->borrowernumber }, $template);
+
+    if ( C4::Context->preference('TranslateNotices') ) {
+        $patron->set({ lang => scalar $query->param('lang') })->store;
+    }
 }
 
 C4::Form::MessagingPreferences::set_form_values({ borrowernumber     => $patron->borrowernumber }, $template);
@@ -82,4 +87,19 @@ if ( C4::Context->preference("SMSSendDriver") eq 'Email' ) {
     $template->param( sms_providers => \@providers, sms_provider_id => $patron->sms_provider_id );
 }
 
+my $new_session_id = $cookie->value;
+$template->param(
+    csrf_token => Koha::Token->new->generate_csrf({
+            session_id => $new_session_id,
+        }),
+);
+
+if ( C4::Context->preference('TranslateNotices') ) {
+    my $translated_languages = C4::Languages::getTranslatedLanguages( 'opac', C4::Context->preference('template') );
+    $template->param(
+        languages => $translated_languages,
+        patron_lang => $patron->lang,
+    );
+}
+
 output_html_with_http_headers $query, $cookie, $template->output, undef, { force_no_caching => 1 };