summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--IkiWiki/CGI.pm14
-rw-r--r--IkiWiki/Plugin/editpage.pm11
2 files changed, 15 insertions, 10 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 4399d0dcb..a3486cbb4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
return $session;
} #}}}
+# The session id is stored on the form and checked to
+# guard against CSRF. But only if the user is logged in,
+# as anonok can allow anonymous edits.
+sub checksessionexpiry ($$) { # {{{
+ my $session = shift;
+ my $sid = shift;
+
+ if (defined $session->param("name")) {
+ if (! defined $sid || $sid ne $session->id) {
+ error(gettext("Your login session has expired."));
+ }
+ }
+} # }}}
+
sub cgi_savesession ($) { #{{{
my $session=shift;
diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index fe2864bac..e4f0cdac0 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{
else {
# save page
check_canedit($page, $q, $session);
-
- # The session id is stored on the form and checked to
- # guard against CSRF. But only if the user is logged in,
- # as anonok can allow anonymous edits.
- if (defined $session->param("name")) {
- my $sid=$q->param('sid');
- if (! defined $sid || $sid ne $session->id) {
- error(gettext("Your login session has expired."));
- }
- }
+ checksessionexpiry($session, $q->param('sid'));
my $exists=-e "$config{srcdir}/$file";