[Koha] No CSRF token passed for POST

Alvaro Cornejo cornejo.alvaro at gmail.com
Mon Oct 14 11:57:26 NZDT 2024 

Hi,

I'm still trying to move a small web page to capture some data an put it
into a new table into Koha (24.05.04)

If I run each of the scripts from CLI using dummy data, it works fine,
however if I call it from a page created in Koha under staff interface, I
ca get some parts working, however when using POST to save changes in the
table, I get the following error message:

Programming error - No CSRF token passed for POST
http://192.168.0.92:8080/intranet/celacp/edit_save.pl (referer:
http://192.168.0.92:8080/cgi-bin/koha/celacp/edit.pl?id=7)

How can I get/generate/pass the token:

This is the code we use:

#!/usr/bin/perl
#--------------------------------------------------------------------------
# edit.pl
#--------------------------------------------------------------------------

use DBI;
use CGI qw(:standard);
use C4::Context;
use C4::Auth qw( get_template_and_user );
use Modern::Perl;

my $name_first;
my $name_last;
my $address_01;
my $address_02;
my $address_city;
my $address_state;
my $address_postal_code;

my $query = new CGI;

my $id = $query->param("id");

print header;
print <<HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Scripting MySQL - Address Book - Edit</title>
</head>

<body>
HTML

# grab the information for this id

our $dbh = C4::Context->dbh;

$query = "SELECT serial, name_first, name_last, address_01, address_02,
address_city, address_state, address_postal_code FROM address WHERE serial
= '$id'";

my $sth = $dbh->prepare($query);

$sth->execute();

# list all of the addresses in a table
# be sure that the link for add.html is the correct path according to your
system
print "<center><font color=blue>My Addresses - <a href=
http://192.168.0.92:8080/cgi-bin/koha/celacp/AskALibrarian1.pl
>Dashboard</a></font><p>";
print "<table border=0>";

my @data;
while (@data = $sth->fetchrow_array()) {
$id = $data[0];
$name_first = $data[1];
$name_last = $data[2];
$address_01 = $data[3];
$address_02 = $data[4];
$address_city = $data[5];
$address_state = $data[6];
$address_postal_code = $data[7];
}

print <<HTML;

<form method="post" name="address" action="
http://192.168.0.92:8080/cgi-bin/koha/celacp/edit_save.pl">
<input type=hidden name=id value="$id">
<tr><td align=right>Name First  </td><td><INPUT TYPE=text NAME="name_first"
id=name_first size=30 value="$name_first"></td></tr>
<tr><td align=right>Name Last  </td><td><INPUT TYPE=text
NAME="name_last" id=name_last
size=30 value="$name_last"></td"></tr>
<tr><td align=right>Address 1  </td><td><INPUT TYPE=text NAME="address_01"
id=address_01 size=40 value="$address_01"></td></tr>
<tr><td align=right>Address 2  </td><td><INPUT TYPE=text NAME="address_02"
id=address_02 size=40 value="$address_02"></td></tr>
<tr><td align=right>City  </td><td><INPUT TYPE=text
NAME="address_city" id=address_city
size=30 value="$address_city"></td></tr>
<tr><td align=right>State  </td><td><INPUT TYPE=text
NAME="address_state" id=address_state
size=2 value="$address_state"></td></tr>
<tr><td align=right>Zip  </td><td><INPUT TYPE=text NAME="address_postal_code"
id=address_postal_code size=10 value="$address_postal_code"</td></tr>
<tr><td colspan=2><center><input type="submit" value="Save Changes" alt="Save
Changes"></td></tr>
</form>
</table>

</body>
</html>

HTML

$dbh->disconnect;

exit;


Or should I use another method to pass the variables values?

Regards

Alvaro.

NB.: I´m by no means a programmer so, please, don´t be too strict with the
cleaness of the code. I took another perl script as "template"  and
adjusted to our needs.


|----------------------------------------------------------------------------------------|
 Stay safe / Cuídate/  Reste sécurisé
*7* Switch off as you go / Apaga lo que no usas /  Débranchez au fur et à
mesure.
 *q *Recycle always / Recicla siempre / Recyclez toujours
 P Print only if absolutely necessary / Imprime solo si es necesario /
Imprimez seulement si nécessaire

More information about the Koha mailing list