linuxdv.org
/
linuxdv-backend
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

+ LDV::Comments->add : check security token

master
Alex 'AdUser' Z 8 years ago
parent
2e2d561473
commit
49c63b7d79
1 changed files with 9 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      lib/LDV/Comments.pm

10
lib/LDV/Comments.pm
Unescape View File

@ -32,10 +32,18 @@ sub add {
my ($self) = @_;
eval {
my $sectoken = $self->session('c_sectoken')
or die("missing security token\n");
my ($ip, $upto) = ($sectoken =~ m{^[0-9a-f\.:]+-\d+$}io)
or die("malformed security token\n");
($upto > time())
or die("expired security token\n");
($ip eq $self->tx->remote_address)
or die("remote address mismatch\n");
my $text = $self->req->param('text')
or die("empty comment\n");
my $pageid = $self->_gen_pageid()
or die("can't get id\n");
or die("can't get pageid\n");
my %opts = (binmode => ':bytes');
my $comments = [];

Write Preview
Loading…
Cancel
Save