X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=basket%2Fsendbasket.pl;h=2076c425fa6f57c5ee046c2cebe7d7e3228491ef;hb=86a0a7d80b71908582dfc40c981734c5828112fc;hp=ab29824a64003293575530c92ee37489ad1b65b5;hpb=4e40339db3209c913c79b935067e139b470255cc;p=srvgit diff --git a/basket/sendbasket.pl b/basket/sendbasket.pl index ab29824a64..2076c425fa 100755 --- a/basket/sendbasket.pl +++ b/basket/sendbasket.pl @@ -20,7 +20,6 @@ use Modern::Perl; use CGI qw ( -utf8 ); use Encode qw(encode); use Carp; -use Digest::MD5 qw(md5_base64); use Mail::Sendmail; use MIME::QuotedPrint; use MIME::Base64; @@ -51,11 +50,11 @@ my $email_add = $query->param('email_add'); my $dbh = C4::Context->dbh; if ( $email_add ) { - die "Wrong CSRF token" unless Koha::Token->new->check_csrf({ - id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ), - secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ), - token => scalar $query->param('csrf_token'), - }); + output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' ) + unless Koha::Token->new->check_csrf({ + session_id => scalar $query->cookie('CGISESSID'), + token => scalar $query->param('csrf_token'), + }); my $email = Koha::Email->new(); my %mail = $email->create_message_headers({ to => $email_add }); my $comment = $query->param('comment'); @@ -75,7 +74,9 @@ if ( $email_add ) { my $dat = GetBiblioData($biblionumber); next unless $dat; - my $record = GetMarcBiblio($biblionumber, 1); + my $record = GetMarcBiblio({ + biblionumber => $biblionumber, + embed_items => 1 }); my $marcauthorsarray = GetMarcAuthors( $record, $marcflavour ); my $marcsubjctsarray = GetMarcSubjects( $record, $marcflavour ); @@ -112,7 +113,7 @@ if ( $email_add ) { if ( $template_res =~ /(.*)/s ) { $mail{subject} = $1; $mail{subject} =~ s|\n?(.*)\n?|$1|; - $mail{subject} = Encode::encode("UTF-8", $mail{subject}); + $mail{subject} = encode('MIME-Header',$mail{subject}); } else { $mail{'subject'} = "no subject"; } 
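Review bot: In the CSRF check at the top of the `if ( $email_add )` branch, `session_id` comes straight from the request cookie via `scalar $query->cookie('CGISESSID')`, which is undefined when the request carries no session cookie, and nothing visible rejects that case before `check_csrf` runs. The same expression feeds `generate_csrf` in the last hunk of the file, so a token minted and verified with an undefined id would only be refused if Koha::Token itself rejects it; that behaviour is outside this diff and should be confirmed. I would bind both calls to the session the authentication layer actually validated, or at least guard with `my $session_id = $query->cookie('CGISESSID') or output_and_exit( $query, $cookie, $template, 'wrong_csrf_token' );`. The check also relies on `output_and_exit` never returning, so a comment such as `# output_and_exit must not return: nothing below may run on a bad token` would protect it from a later refactor. The `if` block continues past the end of the hunk.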
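Review bot: The value returned by the new `GetMarcBiblio({ ... })` call is handed to `GetMarcAuthors` and `GetMarcSubjects` without a check, although the line just above already skips the entry when `GetBiblioData` returns nothing. If the hashref form can return undef for a missing or unparsable record (not visible in this hunk), add `next unless $record;` right after the call so one bad biblionumber in the basket does not abort the whole message. The loop body starts and ends outside the hunk.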
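Review bot: The subject captured from the rendered template can still contain CR or LF when it reaches `encode('MIME-Header',$mail{subject})`, because the substitution above it, as shown on this page, trims a newline only around the first line of the capture. Whether the MIME-Header encoder neutralises embedded line breaks depends on the Encode version and on the text itself, so the header should not rely on it; strip them first with `$mail{subject} =~ s/[\r\n]+/ /g;`. This matters if the subject block of the template can carry record or patron-supplied text, which this hunk does not show. The enclosing `if ( $email_add )` block starts and ends outside the hunk.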
@@ -163,7 +164,7 @@ END_OF_BODY $template->param( SENT => "1" ); } else { - # do something if it doesnt work.... + # do something if it doesn't work.... carp "Error sending mail: $Mail::Sendmail::error \n"; $template->param( error => 1 ); } @@ -176,11 +177,7 @@ else { url => "/cgi-bin/koha/basket/sendbasket.pl", suggestion => C4::Context->preference("suggestion"), virtualshelves => C4::Context->preference("virtualshelves"), - csrf_token => Koha::Token->new->generate_csrf( - { id => Encode::encode( 'UTF-8', C4::Context->userenv->{id} ), - secret => md5_base64( Encode::encode( 'UTF-8', C4::Context->config('pass') ) ), - } - ), + csrf_token => Koha::Token->new->generate_csrf({ session_id => scalar $query->cookie('CGISESSID'), }), ); output_html_with_http_headers $query, $cookie, $template->output; }