From 9a6005a212f9be2395943f424e48270b24588fcd Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@ http://smcv.pseudorandom.co.uk/>
Date: Sat, 22 Nov 2008 21:53:33 +0000
Subject: editpage: factor out checksessionexpiry into IkiWiki::CGI

---
 IkiWiki/Plugin/editpage.pm | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

(limited to 'IkiWiki/Plugin')

diff --git a/IkiWiki/Plugin/editpage.pm b/IkiWiki/Plugin/editpage.pm
index fe2864bac..e4f0cdac0 100644
--- a/IkiWiki/Plugin/editpage.pm
+++ b/IkiWiki/Plugin/editpage.pm
@@ -340,16 +340,7 @@ sub cgi_editpage ($$) { #{{{
 	else {
 		# save page
 		check_canedit($page, $q, $session);
-	
-		# The session id is stored on the form and checked to
-		# guard against CSRF. But only if the user is logged in,
-		# as anonok can allow anonymous edits.
-		if (defined $session->param("name")) {
-			my $sid=$q->param('sid');
-			if (! defined $sid || $sid ne $session->id) {
-				error(gettext("Your login session has expired."));
-			}
-		}
+		checksessionexpiry($session, $q->param('sid'));
 
 		my $exists=-e "$config{srcdir}/$file";
 
-- 
cgit v1.2.3