update_get_need_add_hidden: new $force parameter

[cgi-auth-flexible.git] / cgi-auth-flexible.pm

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 137de002125ffd661342d9de22bcbcedcb50ed14..1f44b8d23d74bb77a5e5140e2924091ce09b8353 100644 (file)
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -1042,8 +1042,7 @@ sub url_with_query_params ($$;$) {
     my $uri = URI->new($r->_ch('get_url'));
     $uri->path($uri->path() . $params->{''}[0]) if $params->{''};
     my @flatparams = flatten_params($params);
-    if (defined $nonpagetype
-       && $r->nonpage_get_needs_secret_hidden($nonpagetype)) {
+    if (defined $nonpagetype && $r->need_add_hidden('GET',$nonpagetype)) {
        push @flatparams, $r->{S}{assoc_param_name}, $r->secret_hidden_val();
     }
     $uri->query_form(@flatparams);
@@ -1078,7 +1077,7 @@ sub check_ok ($) {
     }
 
     if ($kind =~ m/^REDIRECT-/) {
-       # for redirects, we honour stored NextParams and SetCookie,
+       # for redirects, we honour stored Params and Cookie,
        # as we would for non-divert
        if ($kind eq 'REDIRECT-LOGGEDOUT') {
            $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
@@ -1286,22 +1285,18 @@ sub check_mutate ($) {
     $r->_must_be_post();
 }
 
-sub mutate_ok ($) {
-    my ($r) = @_;
-    $r->_assert_checked();
-    die if $r->{Divert};
-    return $r->_is_post();
-}
-
 our %_resource_get_needs_secret_hidden =
     (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON ROBOTS),
      map { $_ => 1 } qw(IMAGE SCRIPT AJAX-XML AJAX-JSON AJAX-OTHER));
 
-sub update_get_need_add_hidden ($$) {
-    my ($r, $reqtype, $value) = @_;
+sub update_get_need_add_hidden ($$;$) {
+    my ($r, $reqtype, $value, $force) = @_;
     my $hash = ref $r
        ? ($r->{GetNeedsSecretHidden} ||= { })
        : \%_resource_get_needs_secret_hidden;
+    return if !$force &&
+       (exists $_resource_get_needs_secret_hidden{$reqtype} ||
+        exists $hash->{$reqtype});
     $hash->{$reqtype} = $value;
 }