authorYorhel <git@yorhel.nl>2021-01-04 14:01:05 +0100
committerYorhel <git@yorhel.nl>2021-01-04 14:01:07 +0100
commit3fc190f1898342d63b1308a83152fe45a88f7c3f (patch)
treef1b14a2ea0ab4b8bb6013a0e75dfa146ba5dd004 /lib/VNWeb/Validation.pm
parentf78f37e369567c91896aeeb505e706df4b4c12ff (diff)
v2rw: Some cleanup; Move some functionality out of vndb.pl; Move config out of tuwf->{..}
Config had been in a separate config->{..} object for a while now, and old code doesn't need it anymore, so we can finally get rid of the tuwf->{..} compat. vndb.pl is not really the place for library code, so moved that around. The old imgpath() and imgurl() functions weren't used anymore, so could be safely replaced with the new functions that take the new vndbid format. (All this to make it easier to write separate scripts that call into VNDB::/VNWeb:: code as a library)
Diffstat (limited to 'lib/VNWeb/Validation.pm')
-rw-r--r--lib/VNWeb/Validation.pm7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/VNWeb/Validation.pm b/lib/VNWeb/Validation.pm
index e64f80ff..5836d001 100644
--- a/lib/VNWeb/Validation.pm
+++ b/lib/VNWeb/Validation.pm
@@ -13,6 +13,7 @@ use Carp 'croak';
use Exporter 'import';
our @EXPORT = qw/
+ samesite
is_insecurepass
form_compile
form_changed
@@ -91,6 +92,10 @@ sub _validate_fuzzyrdate {
}
+# returns true if this request originated from the same site, i.e. not an external referer.
+sub samesite { !!tuwf->reqCookie('samesite') }
+
+
sub is_insecurepass {
config->{password_db} && PWLookup::lookup(config->{password_db}, shift)
}
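Review bot: The comment above the new `samesite` sub promises more than the code checks: the sub only tests whether a cookie named `samesite` arrived with a true value, so a value of `0` or an empty string also reads as "not same site". The same-origin guarantee presumably comes from that cookie being issued with the SameSite=Strict attribute somewhere outside this diff, and a client that ignores the attribute would send it on cross-site requests too. I would say so in the comment, for example `# True if the 'samesite' cookie was sent with this request. Only meaningful while that cookie is set with SameSite=Strict;` followed by `# treat it as an extra signal next to the CSRF token check, never as a replacement for it.` Because the first hunk adds the name to `@EXPORT`, every module importing VNWeb::Validation now gets this helper by default, which makes an accurate contract more important.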
@@ -270,7 +275,7 @@ sub viewget {
my($view, $token) = tuwf->reqGet('view') =~ /^([^-]*)-(.+)$/;
# Abort this request and redirect if the token is invalid.
- if(length($view) && (!tuwf->samesite || !length($token) || !auth->csrfcheck($token, 'view'))) {
+ if(length($view) && (!samesite || !length($token) || !auth->csrfcheck($token, 'view'))) {
my $qs = join '&', map { my $k=$_; my @l=tuwf->reqGets($k); map uri_escape($k).'='.uri_escape($_), @l } grep $_ ne 'view', tuwf->reqGets();
tuwf->resInit;
tuwf->resRedirect(tuwf->reqPath().($qs?"?$qs":''), 'temp');