X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=blobdiff_plain;f=cgi-auth-flexible.pm;h=4e8b6b87d64a93fcbb34aa576a20ad10c87eb5ad;hb=25e25b8de619eea16662834c41a68b24a4bf1263;hp=c9d97664d8cc1d6e0a92e8025bc1b16e774b36c0;hpb=44b5d2d747513aec67f934f6de7c5d20f661468a;p=cgi-auth-flexible.git
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index c9d9766..4e8b6b8 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -1042,8 +1042,7 @@ sub url_with_query_params ($$;$) {
 my $uri = URI->new($r->_ch('get_url'));
 $uri->path($uri->path() . $params->{''}[0]) if $params->{''};
 my @flatparams = flatten_params($params);
- if (defined $nonpagetype
- && $r->nonpage_get_needs_secret_hidden($nonpagetype)) {
+ if (defined $nonpagetype && $r->need_add_hidden('GET',$nonpagetype)) {
 push @flatparams, $r->{S}{assoc_param_name}, $r->secret_hidden_val();
 }
 $uri->query_form(@flatparams);
@@ -1078,7 +1077,7 @@ sub check_ok ($) {
 }
 if ($kind =~ m/^REDIRECT-/) {
- # for redirects, we honour stored NextParams and SetCookie,
+ # for redirects, we honour stored Params and Cookie,
 # as we would for non-divert
 if ($kind eq 'REDIRECT-LOGGEDOUT') {
 $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
@@ -1294,22 +1293,33 @@ sub mutate_ok ($) {
 }
 our %_resource_get_needs_secret_hidden =
- (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON),
+ (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON ROBOTS),
 map { $_ => 1 } qw(IMAGE SCRIPT AJAX-XML AJAX-JSON AJAX-OTHER));
-sub resource_get_needs_secret_hidden ($) {
- my ($r, $nonpagetype) = @_;
- my $ent = $_resource_get_needs_secret_hidden{$nonpagetype};
- die "unsupported nonpage GET type $nonpagetype" unless defined $ent;
- return $ent;
+sub update_get_need_add_hidden ($$) {
+ my ($r, $reqtype, $value) = @_;
+ my $hash = ref $r
+ ? ($r->{GetNeedsSecretHidden} ||= { })
+ : \%_resource_get_needs_secret_hidden;
+ $hash->{$reqtype} = $value;
+}
+
+sub need_add_hidden ($$) {
+ my ($r, $method, $reqtype) = @_;
+ return 1 if $method ne 'GET';
+ my $ent = $r->{GetNeedsSecretHidden}{$reqtype};
+ return $ent if defined $ent;
+ my $ent = $_resource_get_needs_secret_hidden{$reqtype};
+ return $ent if defined $ent;
+ die "unsupported nonpage GET type $reqtype";
 }
 sub check_nonpage ($$) {
- my ($r, $nonpagetype) = @_;
+ my ($r, $reqtype) = @_;
 $r->_assert_checked();
 return unless $r->resource_get_needs_secret_hidden($nonpagetype);
 return if $r->{ParmT};
- die "missing hidden secret parameter on nonpage GET $nonpagetype";
+ die "missing hidden secret parameter on nonpage request $nonpagetype";
 }
 #---------- output ----------
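Review bot: check_nonpage now unpacks its argument as `$reqtype`, but the unchanged line `return unless $r->resource_get_needs_secret_hidden($nonpagetype);` and the new die message still use `$nonpagetype`, and that line calls a method this same hunk deletes. Unless the method is still defined elsewhere in the file, the hidden-secret check on nonpage requests cannot run as written: it is a compile error if the file uses `use strict`, otherwise a runtime failure before `ParmT` is examined. I would change the two lines to `return unless $r->need_add_hidden('GET', $reqtype);` and `die "missing hidden secret parameter on nonpage request $reqtype";`, though whether 'GET' is the right method to pass is not visible from the hunk. In need_add_hidden the second `my $ent` redeclares the first in the same scope, so drop that `my`. need_add_hidden also dereferences `$r->{GetNeedsSecretHidden}` unconditionally while update_get_need_add_hidden accepts a class name, so a `ref $r` guard there would keep the two consistent.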