authorJoey Hess <joey@kitenet.net>2010-05-14 14:21:45 -0400
committerJoey Hess <joey@kitenet.net>2010-05-14 14:21:45 -0400
commit8ff761afa24febdb280c672b3b31d6145990f050 (patch)
tree3d00cbd45d48833c0d7e8084b5da1739ff11030f /IkiWiki/Plugin/rename.pm
parentab3efb21d9f3c43cf01e5d1be5a55cf7a233adfb (diff)
remove, rename: Add guards against XSRF attacks.
Diffstat (limited to 'IkiWiki/Plugin/rename.pm')
-rw-r--r--IkiWiki/Plugin/rename.pm4
1 files changed, 4 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/rename.pm b/IkiWiki/Plugin/rename.pm
index 537e91317..0da90a538 100644
--- a/IkiWiki/Plugin/rename.pm
+++ b/IkiWiki/Plugin/rename.pm
@@ -131,6 +131,8 @@ sub rename_form ($$$) {
);
$f->field(name => "do", type => "hidden", value => "rename", force => 1);
+ $f->field(name => "sid", type => "hidden", value => $session->id,
+ force => 1);
$f->field(name => "page", type => "hidden", value => $page, force => 1);
$f->field(name => "new_name", value => pagetitle($page, 1), size => 60);
if (!$q->param("attachment")) {
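Review bot: The hidden `sid` field added in rename_form puts the raw session identifier into the page body as the anti-XSRF token, so anything that can read or store the rendered form (a cache, a saved copy, a script running in the page) also gets the value that identifies the session. A token derived from the session rather than equal to it would keep the identifier out of the markup. If the session id stays, the form response should be marked non-cacheable, which these lines do not show. At minimum add a comment above the field, such as `# anti-XSRF token: compared with the session in sessioncgi before the rename runs`. rename_form starts and ends outside this hunk.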
@@ -286,6 +288,8 @@ sub sessioncgi ($$) {
postrename($session);
}
elsif ($form->submitted eq 'Rename' && $form->validate) {
+ IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
# Queue of rename actions to perfom.
my @torename;
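Review bot: The new `IkiWiki::checksessionexpiry(...)` call guards only the `'Rename'` branch; the preceding branch that ends in `postrename($session)` has no such check in the visible lines, so confirm that path changes no wiki state or give it the same guard. The helper's name reads as an expiry check, so a comment above the call would help, for example `# XSRF guard: the submitted sid must match this session before any rename is queued`. `$q->param('sid')` sits in an argument list, where a missing or repeated parameter changes the number of arguments unless a prototype on the helper forces scalar context; `scalar $q->param('sid')` makes that explicit. sessioncgi starts and ends outside this hunk.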