authorSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>2008-11-22 21:53:33 +0000
committerSimon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>2008-12-11 21:14:03 +0000
commit9a6005a212f9be2395943f424e48270b24588fcd (patch)
tree6707a6b01334566431786630eed42320cad9aba4 /IkiWiki/CGI.pm
parent0df983c5a7a4292224e7f7c279fc7dbe9a79fba6 (diff)
editpage: factor out checksessionexpiry into IkiWiki::CGI
Diffstat (limited to 'IkiWiki/CGI.pm')
-rw-r--r--IkiWiki/CGI.pm14
1 files changed, 14 insertions, 0 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 4399d0dcb..a3486cbb4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
return $session;
} #}}}
+# The session id is stored on the form and checked to
+# guard against CSRF. But only if the user is logged in,
+# as anonok can allow anonymous edits.
+sub checksessionexpiry ($$) { # {{{
+ my $session = shift;
+ my $sid = shift;
+
+ if (defined $session->param("name")) {
+ if (! defined $sid || $sid ne $session->id) {
+ error(gettext("Your login session has expired."));
+ }
+ }
+} # }}}
+
sub cgi_savesession ($) { #{{{
my $session=shift;
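Review bot: checksessionexpiry signals a failed check only by calling error() and returns nothing otherwise, so the CSRF guard holds only if error() never returns to the caller. error() is defined outside this hunk, so the header comment should state that dependency, e.g. `# Does not return a status; relies on error() aborting the request on a missing or mismatched sid.` The name and the message "Your login session has expired." describe expiry, while the condition `! defined $sid || $sid ne $session->id` is the anti-CSRF comparison, so a rejected forged request looks the same as a timeout to the user and to later readers of the code. Because the token is the session id itself, it sits in the form markup, where anything that can read the rendered page can read it even if the cookie is protected; a separate per-session token stored in the session and compared here would keep the two apart. The bodies of cgi_getsession and cgi_savesession lie outside the hunk.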