author | Joey Hess <joey@kitenet.net> | 2010-05-14 14:21:45 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2010-05-14 14:21:45 -0400 |
commit | 8ff761afa24febdb280c672b3b31d6145990f050 (patch) | |
tree | 3d00cbd45d48833c0d7e8084b5da1739ff11030f /IkiWiki/Plugin/rename.pm | |
parent | ab3efb21d9f3c43cf01e5d1be5a55cf7a233adfb (diff) | |
remove, rename: Add guards against XSRF attacks.
Diffstat (limited to 'IkiWiki/Plugin/rename.pm')
-rw-r--r-- | IkiWiki/Plugin/rename.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm index 537e91317..0da90a538 100644 --- a/IkiWiki/Plugin/rename.pm +++ b/IkiWiki/Plugin/rename.pm @@ -131,6 +131,8 @@ sub rename_form ($$$) { ); $f->field(name => "do", type => "hidden", value => "rename", force => 1); + $f->field(name => "sid", type => "hidden", value => $session->id, + force => 1); $f->field(name => "page", type => "hidden", value => $page, force => 1); $f->field(name => "new_name", value => pagetitle($page, 1), size => 60); if (!$q->param("attachment")) { @@ -286,6 +288,8 @@ sub sessioncgi ($$) { postrename($session); } elsif ($form->submitted eq 'Rename' && $form->validate) { + IkiWiki::checksessionexpiry($q, $session, $q->param('sid')); + # Queue of rename actions to perfom. my @torename; |
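Review bot: The hidden `sid` field added in rename_form places the session identifier itself in the rendered HTML to act as the anti-XSRF token. If that identifier is also the value of the session cookie (not visible in this hunk), it becomes readable by any script running in the page and by anything that caches or logs the markup, which undercuts protections such as an HttpOnly cookie. A token derived from the session rather than equal to it, for instance a keyed hash of the id or a separate random value stored in the session, would give the same guard without exposing the credential. At minimum the field deserves a comment such as `# sid is the anti-XSRF token; sessioncgi rejects the POST if it does not match the session`. rename_form starts and ends outside the hunk.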
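Review bot: In the sessioncgi hunk, `$q->param('sid')` is written inside an argument list, so it is evaluated in list context unless checksessionexpiry carries a prototype that forces scalar context (its definition is outside this diff). In list context a request with no `sid` passes no third argument and a request with several `sid` values passes extra ones, so the check would depend on how the callee handles a short or long argument list. Forcing the context at the call site removes that dependency: `IkiWiki::checksessionexpiry($q, $session, scalar $q->param('sid'));`. A short comment above the call, e.g. `# XSRF guard: the submitted sid must match this session before any rename is queued`, would also record why the check sits ahead of the queue setup. The elsif branch continues past the end of the hunk.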