remove, rename: Add guards against XSRF attacks.

[ikiwiki.git] / IkiWiki / Plugin / rename.pm

diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm
index 537e913178f42cb93270a60bd6b2560cc6dda33a..0da90a538cb15b1e8f7b2b6a162a8f170ecb61bc 100644 (file)
--- a/IkiWiki/Plugin/rename.pm
+++ b/IkiWiki/Plugin/rename.pm
@@ -131,6 +131,8 @@ sub rename_form ($$$) {
        );
        
        $f->field(name => "do", type => "hidden", value => "rename", force => 1);
+       $f->field(name => "sid", type => "hidden", value => $session->id,
+               force => 1);
        $f->field(name => "page", type => "hidden", value => $page, force => 1);
        $f->field(name => "new_name", value => pagetitle($page, 1), size => 60);
        if (!$q->param("attachment")) {
@@ -286,6 +288,8 @@ sub sessioncgi ($$) {
                        postrename($session);
                }
                elsif ($form->submitted eq 'Rename' && $form->validate) {
+                       IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
                        # Queue of rename actions to perfom.
                        my @torename;