chiark / gitweb /
~ian / cgi-auth-flexible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
wip
[cgi-auth-flexible.git] / cgi-auth-flexible.pm
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index 0ea969d648f46d33b091531476eb40bdf132844a..f3f1599c462cbbbab0693f5c3c31e022bac77bf0 100644 (file)
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -143,7 +143,7 @@ sub gen_plain_login_form ($$) {
                      ' name="'.$r->{S}{password_param_name}.'"></td></tr>');
         push @form, ('<tr><td colspan="2">',
                      '<input type="submit"'.
-                     ' name="'.$r->{S}{login_submit_name}[0].'"'.
+                     ' name="'.$r->{S}{dummy_param_name_prefix}.'login"'.
                      ' value="'.$r->_gt('Login').'"></td></tr>',
                      '</table>');
         return @form;
@@ -155,7 +155,7 @@ sub gen_postmainpage_form ($$$) {
     return $r->gen_some_form($params, sub {
         my @form;
         push @form, ('<input type="submit"',
-                     ' name="'.$r->{S}{dummy_param_name}.'_submit"'.
+                     ' name="'.$r->{S}{dummy_param_name_prefix}.'submit"'.
                      ' value="'.$r->_gt('Continue').'">');
         return @form;
     });
@@ -189,13 +189,12 @@ sub new_verifier {
            login_form_timeout => 3600, # seconds
            key_rollover => 86400, # seconds
            assoc_param_name => 'caf_assochash',
-           dummy_param_name => 'caf_dummy',
+           dummy_param_name_prefix => 'caf__',
            cookie_name => "caf_assocsecret",
            password_param_name => 'password',
            username_param_names => [qw(username)],
            form_entry_size => 60,
            logout_param_names => [qw(caf_logout)],
-           login_submit_name => [qw(caf_login)],
            loggedout_param_names => [qw(caf_loggedout)],
            promise_check_mutate => 0,
            get_param => sub { $_[0]->param($_[2]) },
@@ -588,8 +587,10 @@ sub _check_divert_core ($) {
     }
 
     die unless $cookt eq 'y';
-    die unless $parmt eq 'y';
-    die unless $cookh eq $parmh;
+    unless ($r->{S}{promise_check_mutate} && $meth eq 'GET') {
+        die unless $parmt eq 'y';
+        die unless $cookh eq $parmh;
+    }
     $r->{AssocSecret} = $cooks;
     $r->{UserOK} = $cooku;
     print STDERR "C-D-C OK\n";
@@ -614,6 +615,10 @@ sub _chain_params ($) {
            delete $p{$name};
        }
     }
+    my $dummy_prefix = $r->{S}{dummy_param_name_prefix};
+    foreach my $name (grep /^$dummy_prefix/, keys %p) {
+        delete $p{$name};
+    }
     return \%p;
 }
 
Unnamed repository; edit this file 'description' to name the repository.