author | Yorhel <git@yorhel.nl> | 2021-01-04 14:01:05 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2021-01-04 14:01:07 +0100 |
commit | 3fc190f1898342d63b1308a83152fe45a88f7c3f (patch) | |
tree | f1b14a2ea0ab4b8bb6013a0e75dfa146ba5dd004 /lib/VNWeb/Validation.pm | |
parent | f78f37e369567c91896aeeb505e706df4b4c12ff (diff) |
v2rw: Some cleanup; Move some functionality out of vndb.pl; Move config out of tuwf->{..}
Config had been in a separate config->{..} object for a while now, old
code doesn't need it anymore so we can finally get rid of the tuwf->{..}
compact.
vndb.pl is not really the place for library code, so moved that around.
The old imgpath() and imgurl() functions weren't used anymore, so could
be safely replaced with the new functions that take the new vndbid
format.
(All this to make it easier to write separate scripts that call into
VNDB::/VNWeb:: code as a library)
Diffstat (limited to 'lib/VNWeb/Validation.pm')
-rw-r--r-- | lib/VNWeb/Validation.pm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/VNWeb/Validation.pm b/lib/VNWeb/Validation.pm
index e64f80ff..5836d001 100644
--- a/lib/VNWeb/Validation.pm
+++ b/lib/VNWeb/Validation.pm
@@ -13,6 +13,7 @@ use Carp 'croak';
 use Exporter 'import';
 our @EXPORT = qw/
+ samesite
 is_insecurepass
 form_compile
 form_changed
@@ -91,6 +92,10 @@ sub _validate_fuzzyrdate {
 }
+# returns true if this request originated from the same site, i.e. not an external referer.
+sub samesite { !!tuwf->reqCookie('samesite') }
+
+
 sub is_insecurepass {
 config->{password_db} && PWLookup::lookup(config->{password_db}, shift)
 }
@@ -270,7 +275,7 @@ sub viewget {
 my($view, $token) = tuwf->reqGet('view') =~ /^([^-]*)-(.+)$/;
 # Abort this request and redirect if the token is invalid.
- if(length($view) && (!tuwf->samesite || !length($token) || !auth->csrfcheck($token, 'view'))) {
+ if(length($view) && (!samesite || !length($token) || !auth->csrfcheck($token, 'view'))) {
 my $qs = join '&', map { my $k=$_; my @l=tuwf->reqGets($k); map uri_escape($k).'='.uri_escape($_), @l } grep $_ ne 'view', tuwf->reqGets();
 tuwf->resInit;
 tuwf->resRedirect(tuwf->reqPath().($qs?"?$qs":''), 'temp'); |
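Review bot: The comment on the new `samesite` helper (second hunk) claims more than the code establishes: the function only tests that a cookie named `samesite` arrived with the request. Whether that implies a same-site origin depends on how the cookie is issued, which is outside this diff (presumably with the `SameSite=Strict` attribute), and on the browser enforcing that attribute. I would reword it to `# True if the 'samesite' cookie was sent; this only indicates a same-site request when that cookie is issued with SameSite=Strict and the browser enforces it, so callers must still check a CSRF token.` The `viewget` condition in the third hunk already pairs it with `auth->csrfcheck`; writing the call there as `!samesite()` would also keep the bareword from being parsed as a list operator if the expression is ever rearranged.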