X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=f393b3cfa06f3276ffb338e11540995459d89111;hp=137de002125ffd661342d9de22bcbcedcb50ed14;hb=55787f15c586591bbcf9e70e2e884c4b39856d5a;hpb=0e3eb3aef176eac1e7209f01ad73e2e91f782507 diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm index 137de00..f393b3c 100644 --- a/cgi-auth-flexible.pm +++ b/cgi-auth-flexible.pm @@ -77,10 +77,11 @@ sub has_a_param ($$) { sub get_params ($) { my ($r) = @_; - my %p; my $c = $r->{Cgi}; - foreach my $name ($c->param()) { - $p{$name} = [ $c->param($name) ]; + my $vars = $c->Vars(); + my %p; + foreach my $name (keys %$vars) { + $p{$name} = [ split "\0", $vars->{$name} ]; } return \%p; } @@ -446,14 +447,13 @@ sub new_verifier { get_path_info => sub { $_[0]->path_info() }, get_cookie => sub { $_[0]->cookie($_[1]->{S}{cookie_name}) }, get_method => sub { $_[0]->request_method() }, - check_https => sub { !!$_[0]->https() }, + is_https => sub { !!$_[0]->https() }, get_url => sub { $_[0]->url(); }, is_login => sub { defined $_[1]->_rp('password_param_name') }, login_ok => \&login_ok_password, username_password_error => sub { die }, is_logout => sub { $_[1]->has_a_param('logout_param_names') }, is_loggedout => sub { $_[1]->has_a_param('loggedout_param_names') }, - is_page => sub { return 1 }, handle_divert => sub { return 0 }, do_redirect => \&do_redirect_cgi, # this hook is allowed to throw cookie_path => "/", @@ -789,7 +789,7 @@ sub _check_divert_core ($) { my $cooks = $r->_ch('get_cookie'); - if ($r->{S}{encrypted_only} && !$r->_ch('check_https')) { + if ($r->{S}{encrypted_only} && !$r->_ch('is_https')) { return ({ Kind => 'REDIRECT-HTTPS', Message => $r->_gt("Redirecting to secure server..."), CookieSecret => undef, @@ -1042,8 +1042,7 @@ sub url_with_query_params ($$;$) { my $uri = URI->new($r->_ch('get_url')); $uri->path($uri->path() . $params->{''}[0]) if $params->{''}; my @flatparams = flatten_params($params); - if (defined $nonpagetype - && $r->nonpage_get_needs_secret_hidden($nonpagetype)) { + if (defined $nonpagetype && $r->need_add_hidden('GET',$nonpagetype)) { push @flatparams, $r->{S}{assoc_param_name}, $r->secret_hidden_val(); } $uri->query_form(@flatparams); @@ -1078,7 +1077,7 @@ sub check_ok ($) { } if ($kind =~ m/^REDIRECT-/) { - # for redirects, we honour stored NextParams and SetCookie, + # for redirects, we honour stored Params and Cookie, # as we would for non-divert if ($kind eq 'REDIRECT-LOGGEDOUT') { $params->{$r->{S}{loggedout_param_names}[0]} = [ 1 ]; @@ -1286,30 +1285,28 @@ sub check_mutate ($) { $r->_must_be_post(); } -sub mutate_ok ($) { - my ($r) = @_; - $r->_assert_checked(); - die if $r->{Divert}; - return $r->_is_post(); -} - our %_resource_get_needs_secret_hidden = (map { $_ => 0 } qw(PAGE FRAME IFRAME SRCDUMP STYLESHEET FAVICON ROBOTS), map { $_ => 1 } qw(IMAGE SCRIPT AJAX-XML AJAX-JSON AJAX-OTHER)); -sub update_get_need_add_hidden ($$) { - my ($r, $reqtype, $value) = @_; +sub update_get_need_add_hidden ($$;$) { + my ($r, $reqtype, $value, $force) = @_; my $hash = ref $r ? ($r->{GetNeedsSecretHidden} ||= { }) : \%_resource_get_needs_secret_hidden; + return if !$force && + (exists $_resource_get_needs_secret_hidden{$reqtype} || + exists $hash->{$reqtype}); $hash->{$reqtype} = $value; } sub need_add_hidden ($$) { my ($r, $method, $reqtype) = @_; return 1 if $method ne 'GET'; - my $ent = $r->{GetNeedsSecretHidden}{$reqtype}; - return $ent if defined $ent; + if (ref $r) { + my $ent = $r->{GetNeedsSecretHidden}{$reqtype}; + return $ent if defined $ent; + } my $ent = $_resource_get_needs_secret_hidden{$reqtype}; return $ent if defined $ent; die "unsupported nonpage GET type $reqtype";