|
|
|
@ -32,10 +32,18 @@ sub add {
|
|
|
|
|
my ($self) = @_; |
|
|
|
|
|
|
|
|
|
eval { |
|
|
|
|
my $sectoken = $self->session('c_sectoken') |
|
|
|
|
or die("missing security token\n"); |
|
|
|
|
my ($ip, $upto) = ($sectoken =~ m{^[0-9a-f\.:]+-\d+$}io) |
|
|
|
|
or die("malformed security token\n"); |
|
|
|
|
($upto > time()) |
|
|
|
|
or die("expired security token\n"); |
|
|
|
|
($ip eq $self->tx->remote_address) |
|
|
|
|
or die("remote address mismatch\n"); |
|
|
|
|
my $text = $self->req->param('text') |
|
|
|
|
or die("empty comment\n"); |
|
|
|
|
my $pageid = $self->_gen_pageid() |
|
|
|
|
or die("can't get id\n"); |
|
|
|
|
or die("can't get pageid\n"); |
|
|
|
|
|
|
|
|
|
my %opts = (binmode => ':bytes'); |
|
|
|
|
my $comments = []; |
|
|
|
|