Browse Source

+ LDV::Comments->add : check security token

master
Alex 'AdUser' Z 9 years ago
parent
commit
49c63b7d79
  1. 10
      lib/LDV/Comments.pm

10
lib/LDV/Comments.pm

@ -32,10 +32,18 @@ sub add {
my ($self) = @_;
eval {
my $sectoken = $self->session('c_sectoken')
or die("missing security token\n");
my ($ip, $upto) = ($sectoken =~ m{^[0-9a-f\.:]+-\d+$}io)
or die("malformed security token\n");
($upto > time())
or die("expired security token\n");
($ip eq $self->tx->remote_address)
or die("remote address mismatch\n");
my $text = $self->req->param('text')
or die("empty comment\n");
my $pageid = $self->_gen_pageid()
or die("can't get id\n");
or die("can't get pageid\n");
my %opts = (binmode => ':bytes');
my $comments = [];

Loading…
Cancel
Save