urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

editpage: factor out checksessionexpiry into IkiWiki::CGI

master
Simon McVittie 2008-11-22 21:53:33 +00:00
parent 0df983c5a7
commit 9a6005a212
2 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
IkiWiki/CGI.pm
View File

@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
return $session;
} #}}}
# The session id is stored on the form and checked to
# guard against CSRF. But only if the user is logged in,
# as anonok can allow anonymous edits.
sub checksessionexpiry ($$) { # {{{
my $session = shift;
my $sid = shift;
if (defined $session->param("name")) {
if (! defined $sid || $sid ne $session->id) {
error(gettext("Your login session has expired."));
}
}
} # }}}
sub cgi_savesession ($) { #{{{
my $session=shift;

11
IkiWiki/Plugin/editpage.pm
View File

@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{
else {
# save page
check_canedit($page, $q, $session);
# The session id is stored on the form and checked to
# guard against CSRF. But only if the user is logged in,
# as anonok can allow anonymous edits.
if (defined $session->param("name")) {
my $sid=$q->param('sid');
if (! defined $sid || $sid ne $session->id) {
error(gettext("Your login session has expired."));
}
}
checksessionexpiry($session, $q->param('sid'));
my $exists=-e "$config{srcdir}/$file";