From e403fe126d811e7ddf47d0840331519476cda298 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Fri, 11 Jan 2013 16:10:09 +0000 Subject: [PATCH] wip --- cgi-auth-flexible.pm | 13 +++++++++++++ test.cgi | 28 ++++++++++++++++++++++++++-- 2 files changed, 39 insertions(+), 2 deletions(-) diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm index 382b845..0ea969d 100644 --- a/cgi-auth-flexible.pm +++ b/cgi-auth-flexible.pm @@ -926,6 +926,12 @@ sub _assert_checked ($) { die "unchecked" unless exists $r->{Divert}; } +sub _is_post ($) { + my ($r) = @_; + my $meth = $r->_ch('get_method'); + return $meth eq 'POST'; +} + sub _must_be_post ($) { my ($r) = @_; my $meth = $r->_ch('get_method'); @@ -939,6 +945,13 @@ sub check_mutate ($) { $r->_must_be_post(); } +sub mutate_ok ($) { + my ($r) = @_; + $r->_assert_checked(); + die if $r->{Divert}; + return $r->_is_post(); +} + #---------- output ---------- sub secret_cookie_val ($) { diff --git a/test.cgi b/test.cgi index 71ff2fe..289ac71 100755 --- a/test.cgi +++ b/test.cgi @@ -2,9 +2,11 @@ use strict; use warnings; -use CGI; +use CGI qw/escapeHTML/;; use CGI::Auth::Flexible; use URI; +use Data::Dumper; + #use Carp::Always; $SIG{__DIE__} = sub { Carp::confess(@_) }; @@ -13,6 +15,7 @@ my $dump = "$ENV{'CAHTEST_HOME'}/dump"; my $verifier = CGI::Auth::Flexible->new_verifier( username_password_ok => sub { my ($c,$r,$u,$p)=@_; return $p eq 'sesame'; }, encrypted_only => 0, + promise_check_mutate => 1, dir => $dump, ); @@ -36,9 +39,30 @@ Set-Cookie: $cookie

H1

again

info

+END
+
+my %vars = $q->Vars();
+delete $vars{caf_assochash};
+
+my $txt = Data::Dumper->Dump([$authreq->get_username(), $authreq->mutate_ok(),
+                              $q->path_info(), \%vars],
+                             [qw(username mutate_ok path params)]);
+foreach my $l (split /\n/, $txt) {
+    print escapeHTML($l),"\n";
+}
+
+print <
 
 $hiddenhtml
-
+
+
 
 
+
+$hiddenhtml
+
+
 END
-- 
2.30.2