die "unchecked" unless exists $r->{Divert};
}
+sub _is_post ($) {
+ my ($r) = @_;
+ my $meth = $r->_ch('get_method');
+ return $meth eq 'POST';
+}
+
sub _must_be_post ($) {
my ($r) = @_;
my $meth = $r->_ch('get_method');
$r->_must_be_post();
}
+sub mutate_ok ($) {
+ my ($r) = @_;
+ $r->_assert_checked();
+ die if $r->{Divert};
+ return $r->_is_post();
+}
+
#---------- output ----------
sub secret_cookie_val ($) {
use strict;
use warnings;
-use CGI;
+use CGI qw/escapeHTML/;;
use CGI::Auth::Flexible;
use URI;
+use Data::Dumper;
+
#use Carp::Always;
$SIG{__DIE__} = sub { Carp::confess(@_) };
my $verifier = CGI::Auth::Flexible->new_verifier(
username_password_ok => sub { my ($c,$r,$u,$p)=@_; return $p eq 'sesame'; },
encrypted_only => 0,
+ promise_check_mutate => 1,
dir => $dump,
);
<body><h1>H1</h1>
<h1>again</h1>
+<h1>info<h1>
+<pre>
+END
+
+my %vars = $q->Vars();
+delete $vars{caf_assochash};
+
+my $txt = Data::Dumper->Dump([$authreq->get_username(), $authreq->mutate_ok(),
+ $q->path_info(), \%vars],
+ [qw(username mutate_ok path params)]);
+foreach my $l (split /\n/, $txt) {
+ print escapeHTML($l),"\n";
+}
+
+print <<END;
+</pre>
<form method="POST" action="$url">
$hiddenhtml
-<input type="submit" name="test_cgi_submit" value="Make sponges">
+<input type="submit" name="test_cgi_sponges" value="Make sponges">
+<input type="submit" name="test_cgi_worms" value="Make worms">
<input type="submit" name="caf_logout" value="Logout">
</form>
+<form method="POST" action="$url/extra">
+$hiddenhtml
+<input type="submit" name="test_cgi_append" value="Append">
+</form>
END
~ian / cgi-auth-flexible.git / commitdiff