chiark
/
gitweb
/
~ian
/
cgi-auth-flexible.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
check_nonpage: Handle ParmT ne 'y' correctly
[cgi-auth-flexible.git]
/
cgi-auth-flexible.pm
diff --git
a/cgi-auth-flexible.pm
b/cgi-auth-flexible.pm
index 5e5d0449ad536d2d7b3eaba51bb4ab27e94bf6a7..e52441b802b1647dff1f927fd7018ee7aa959827 100644
(file)
--- a/
cgi-auth-flexible.pm
+++ b/
cgi-auth-flexible.pm
@@
-758,11
+758,11
@@
sub construct_cookie ($$$) {
# y nt POST r u intra-site request from stale page
# fail
#
# y nt POST r u intra-site request from stale page
# fail
#
- # -
/n
y2 GET nr intra-site link from cleared session
+ # -
n
y2 GET nr intra-site link from cleared session
# do not revoke y2 as not RESTful
# treat as -/n n GET
#
# do not revoke y2 as not RESTful
# treat as -/n n GET
#
- # -
/n
y2 POST nrmu request from cleared session
+ # -
n
y2 POST nrmu request from cleared session
# revoke y2
# treat as -/n n POST
#
# revoke y2
# treat as -/n n POST
#
@@
-1360,7
+1360,7
@@
sub check_nonpage ($$) {
my ($r, $reqtype) = @_;
$r->_assert_checked();
return unless $r->resource_get_needs_secret_hidden($reqtype);
my ($r, $reqtype) = @_;
$r->_assert_checked();
return unless $r->resource_get_needs_secret_hidden($reqtype);
- return if $r->{ParmT};
+ return if $r->{ParmT}
eq 'y'
;
die "missing hidden secret parameter on nonpage request $reqtype";
}
die "missing hidden secret parameter on nonpage request $reqtype";
}