editpage: factor out checksessionexpiry into IkiWiki::CGI
parent
0df983c5a7
commit
9a6005a212
|
@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
|
||||||
return $session;
|
return $session;
|
||||||
} #}}}
|
} #}}}
|
||||||
|
|
||||||
|
# The session id is stored on the form and checked to
|
||||||
|
# guard against CSRF. But only if the user is logged in,
|
||||||
|
# as anonok can allow anonymous edits.
|
||||||
|
sub checksessionexpiry ($$) { # {{{
|
||||||
|
my $session = shift;
|
||||||
|
my $sid = shift;
|
||||||
|
|
||||||
|
if (defined $session->param("name")) {
|
||||||
|
if (! defined $sid || $sid ne $session->id) {
|
||||||
|
error(gettext("Your login session has expired."));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} # }}}
|
||||||
|
|
||||||
sub cgi_savesession ($) { #{{{
|
sub cgi_savesession ($) { #{{{
|
||||||
my $session=shift;
|
my $session=shift;
|
||||||
|
|
||||||
|
|
|
@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{
|
||||||
else {
|
else {
|
||||||
# save page
|
# save page
|
||||||
check_canedit($page, $q, $session);
|
check_canedit($page, $q, $session);
|
||||||
|
checksessionexpiry($session, $q->param('sid'));
|
||||||
# The session id is stored on the form and checked to
|
|
||||||
# guard against CSRF. But only if the user is logged in,
|
|
||||||
# as anonok can allow anonymous edits.
|
|
||||||
if (defined $session->param("name")) {
|
|
||||||
my $sid=$q->param('sid');
|
|
||||||
if (! defined $sid || $sid ne $session->id) {
|
|
||||||
error(gettext("Your login session has expired."));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
my $exists=-e "$config{srcdir}/$file";
|
my $exists=-e "$config{srcdir}/$file";
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue