author | Yorhel <git@yorhel.nl> | 2010-11-06 16:49:09 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-11-06 16:49:09 +0100 |
commit | 5f6845d76c1ed3cbfea73b004940749f64dab972 (patch) | |
tree | 98477dd8dcd001bd1c670dc74bf9adcb1b5a66be /lib/VNDB/Handler/Users.pm | |
parent | e625403d6108b3f95361ece3c4311dae88747107 (diff) |
URL change: /u/logout => /u$id/logout
Also fixes a cross-site request forgery vulnerability. Not as strong as
the others but it's not very crucial anyway.
Diffstat (limited to 'lib/VNDB/Handler/Users.pm')
-rw-r--r-- | lib/VNDB/Handler/Users.pm | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index 7812606f..70b1ea71 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -10,7 +10,7 @@ use VNDB::Func;
 YAWF::register(
 qr{u([1-9]\d*)} => \&userpage,
 qr{u/login} => \&login,
- qr{u/logout} => \&logout,
+ qr{u([1-9]\d*)/logout} => \&logout,
 qr{u/newpass} => \&newpass,
 qr{u/newpass/sent} => \&newpass_sent,
 qr{u/register} => \®ister,
@@ -155,7 +155,10 @@ sub login {
 sub logout {
- shift->authLogout;
+ my $self = shift;
+ my $uid = shift;
+ return 404 if !$self->authInfo->{id} || $self->authInfo->{id} != $uid;
+ $self->authLogout;
 } |
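Review bot: The guard added to `logout` in the second hunk compares the session user only against the id captured from the URL, and that id is not a secret: it is the same number the `u([1-9]\d*)` user-page route in the first hunk serves publicly. The check therefore rejects a generic cross-site logout request but not one that carries the right id, and the logout is still a state change reachable by a plain GET. The commit message already rates this as weaker than the other fixes; if those rely on a per-session token (not visible in this file's diff), requiring the same token here and accepting the logout only via POST would bring it to the same level. If the weaker guard is kept on purpose, I would say so above the check, e.g. `# uid in the URL is a weak CSRF guard only: user ids are public, so this just blocks generic /logout links`. The whole of `logout` is visible in the hunk.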