sub get_params ($) {
my ($r) = @_;
- my %p;
my $c = $r->{Cgi};
- foreach my $name ($c->param()) {
- $p{$name} = [ $c->param($name) ];
+ my $vars = $c->Vars();
+ my %p;
+ foreach my $name (keys %$vars) {
+ $p{$name} = [ split "\0", $vars->{$name} ];
}
return \%p;
}
get_path_info => sub { $_[0]->path_info() },
get_cookie => sub { $_[0]->cookie($_[1]->{S}{cookie_name}) },
get_method => sub { $_[0]->request_method() },
- check_https => sub { !!$_[0]->https() },
+ is_https => sub { !!$_[0]->https() },
get_url => sub { $_[0]->url(); },
is_login => sub { defined $_[1]->_rp('password_param_name') },
login_ok => \&login_ok_password,
my $cooks = $r->_ch('get_cookie');
- if ($r->{S}{encrypted_only} && !$r->_ch('check_https')) {
+ if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) {
return ({ Kind => 'REDIRECT-HTTPS',
Message => $r->_gt("Redirecting to secure server..."),
CookieSecret => undef,
my $uri = URI->new($r->_ch('get_url'));
$uri->path($uri->path() . $params->{''}[0]) if $params->{''};
my @flatparams = flatten_params($params);
- if (defined $nonpagetype
- && $r->nonpage_get_needs_secret_hidden($nonpagetype)) {
+ if (defined $nonpagetype && $r->need_add_hidden('GET',$nonpagetype)) {
push @flatparams, $r->{S}{assoc_param_name}, $r->secret_hidden_val();
}
$uri->query_form(@flatparams);
}
if ($kind =~ m/^REDIRECT-/) {
- # for redirects, we honour stored NextParams and SetCookie,
+ # for redirects, we honour stored Params and Cookie,
# as we would for non-divert
if ($kind eq 'REDIRECT-LOGGEDOUT') {
$params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ];
$r->_must_be_post();
}
-sub mutate_ok ($) {
- my ($r) = @_;
- $r->_assert_checked();
- die if $r->{Divert};
- return $r->_is_post();
-}
-
our %_resource_get_needs_secret_hidden =
- (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON),
+ (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON ROBOTS),
map { $_ => 1 } qw(IMAGE SCRIPT AJAX-XML AJAX-JSON AJAX-OTHER));
-sub resource_get_needs_secret_hidden ($) {
- my ($r, $nonpagetype) = @_;
- my $ent = $_resource_get_needs_secret_hidden{$nonpagetype};
- die "unsupported nonpage GET type $nonpagetype" unless defined $ent;
- return $ent;
+sub update_get_need_add_hidden ($$;$) {
+ my ($r, $reqtype, $value, $force) = @_;
+ my $hash = ref $r
+ ? ($r->{GetNeedsSecretHidden} ||= { })
+ : \%_resource_get_needs_secret_hidden;
+ return if !$force &&
+ (exists $_resource_get_needs_secret_hidden{$reqtype} ||
+ exists $hash->{$reqtype});
+ $hash->{$reqtype} = $value;
+}
+
+sub need_add_hidden ($$) {
+ my ($r, $method, $reqtype) = @_;
+ return 1 if $method ne 'GET';
+ if (ref $r) {
+ my $ent = $r->{GetNeedsSecretHidden}{$reqtype};
+ return $ent if defined $ent;
+ }
+ my $ent = $_resource_get_needs_secret_hidden{$reqtype};
+ return $ent if defined $ent;
+ die "unsupported nonpage GET type $reqtype";
}
sub check_nonpage ($$) {
- my ($r, $nonpagetype) = @_;
+ my ($r, $reqtype) = @_;
$r->_assert_checked();
return unless $r->resource_get_needs_secret_hidden($nonpagetype);
return if $r->{ParmT};
- die "missing hidden secret parameter on nonpage GET $nonpagetype";
+ die "missing hidden secret parameter on nonpage request $nonpagetype";
}
#---------- output ----------
~ian / cgi-auth-flexible.git / blobdiff