From 9a6005a212f9be2395943f424e48270b24588fcd Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sat, 22 Nov 2008 21:53:33 +0000 Subject: [PATCH 1/1] editpage: factor out checksessionexpiry into IkiWiki::CGI --- IkiWiki/CGI.pm | 14 ++++++++++++++ IkiWiki/Plugin/editpage.pm | 11 +---------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index 4399d0dcb..a3486cbb4 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{ return $session; } #}}} +# The session id is stored on the form and checked to +# guard against CSRF. But only if the user is logged in, +# as anonok can allow anonymous edits. +sub checksessionexpiry ($$) { # {{{ + my $session = shift; + my $sid = shift; + + if (defined $session->param("name")) { + if (! defined $sid || $sid ne $session->id) { + error(gettext("Your login session has expired.")); + } + } +} # }}} + sub cgi_savesession ($) { #{{{ my $session=shift; diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index fe2864bac..e4f0cdac0 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm @@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{ else { # save page check_canedit($page, $q, $session); - - # The session id is stored on the form and checked to - # guard against CSRF. But only if the user is logged in, - # as anonok can allow anonymous edits. - if (defined $session->param("name")) { - my $sid=$q->param('sid'); - if (! defined $sid || $sid ne $session->id) { - error(gettext("Your login session has expired.")); - } - } + checksessionexpiry($session, $q->param('sid')); my $exists=-e "$config{srcdir}/$file"; -- 2.44.0