diff options
author | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-11-22 21:53:33 +0000 |
---|---|---|
committer | Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/> | 2008-12-11 21:14:03 +0000 |
commit | 9a6005a212f9be2395943f424e48270b24588fcd (patch) | |
tree | 6707a6b01334566431786630eed42320cad9aba4 /IkiWiki/Plugin/editpage.pm | |
parent | 0df983c5a7a4292224e7f7c279fc7dbe9a79fba6 (diff) | |
download | ikiwiki-9a6005a212f9be2395943f424e48270b24588fcd.tar ikiwiki-9a6005a212f9be2395943f424e48270b24588fcd.tar.gz |
editpage: factor out checksessionexpiry into IkiWiki::CGI
Diffstat (limited to 'IkiWiki/Plugin/editpage.pm')
-rw-r--r-- | IkiWiki/Plugin/editpage.pm | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm index fe2864bac..e4f0cdac0 100644 --- a/IkiWiki/Plugin/editpage.pm +++ b/IkiWiki/Plugin/editpage.pm @@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{ else { # save page check_canedit($page, $q, $session); - - # The session id is stored on the form and checked to - # guard against CSRF. But only if the user is logged in, - # as anonok can allow anonymous edits. - if (defined $session->param("name")) { - my $sid=$q->param('sid'); - if (! defined $sid || $sid ne $session->id) { - error(gettext("Your login session has expired.")); - } - } + checksessionexpiry($session, $q->param('sid')); my $exists=-e "$config{srcdir}/$file"; |