mason/pastebin/, static/odin.css: Cope if client doesn't send cookies.

Previously the edit key would just get lost.  Instead, detect the
situation and show a page with a fierce warning: because we can't hide
the edit key anywhere other than the actual page URL, the link is unsafe
to share, so it's important to make it obvious which link is safe.

diff --git a/mason/pastebin/%show b/mason/pastebin/%show
index b8dc06951eb54185f60830643b6b019764687980..7668de7cc6c6aa166bad9b8927868e9e258ae4fb 100644 (file)
--- a/mason/pastebin/%show
+++ b/mason/pastebin/%show
@@ -2,11 +2,22 @@
        title => Odin::escapify($m, $title) . " (odin.gg Paste Bin)" &>
 <h1><tt>odin.gg</tt> Paste Bin: <% $title %></h1>
 <div class="menu">
-  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?op=raw" %>">Raw</a></span>
+  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?op=raw" |h %>">Raw</a></span>
 % if (defined $edit) {
-  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?edit=$edit" %>">Edit</a></span>
+  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?edit=$edit" |h %>">Edit</a></span>
 % }
 </div>
+% if (defined $honc) {
+<div class="note">
+<p>Your browser doesn't appear to be accepting my cookies.
+<p>Don't share the link to this page with other people.  <b>If you do,
+  they'll be able to edit this paste just as you can</b>, using the
+  <b>Edit</b> link at the top of the page.
+<p>Instead, share this link:
+  <a href="<% "$Odin::PASTEBIN/$tag" |h %>"><%
+    "$Odin::PASTEBIN/$tag" |h %></a>
+</div>
+% }
 <pre class="paste">
 % if ($lang eq 'txt') {
 <% $content |h %>\
@@ -34,6 +45,7 @@
        $title
        $lang
        $tag
+       $honc
        $edit
 </%args>
 %#

diff --git a/mason/pastebin/dhandler b/mason/pastebin/dhandler
index 7f6ea24dcb7b0f3c207583467ca177e1216a34e6..85b7ef31c1bbef9739aed6be9a39a0f1308fbbba 100644 (file)
--- a/mason/pastebin/dhandler
+++ b/mason/pastebin/dhandler
@@ -7,6 +7,13 @@
            -path => "$Odin::PASTEBIN_PATH/", %attr;
        }
 
+       sub hasuff ($) {
+         my ($edit) = @_;
+         return $Odin::COOKIE{"odin-cookie-probe"} ? "" : "?honc=$edit";
+       }
+
+       Odin::bake_cookie $r, "odin-cookie-probe=t";
+
        my %props = (
          lang => $lang, title => $title,
          content => Odin::tidy_pastebin_content $content
@@ -22,7 +29,8 @@
              $m->print($old{content});
            } else {
              $edit = $Odin::COOKIE{"odin-handoff.$tag"};
-             $m->comp("%show", tag => $tag, edit => $edit, %old);
+             $m->comp("%show", tag => $tag,
+                      honc => $honc, edit => $edit // $honc, %old);
            }
          } else {
            if ($op eq "del") {
@@ -32,14 +40,17 @@
            } else {
              set_handoff_cookie $tag, $edit;
              my $editp = Odin::update_pastebin $tag, $edit, %props;
-             if ($editp) { $m->redirect("$Odin::PASTEBIN/$tag"); }
-             else { $m->comp("%edit", tag => $tag, edit => $edit, %props); }
+             if ($editp) {
+               $m->redirect("$Odin::PASTEBIN/$tag" . hasuff $edit);
+             } else {
+               $m->comp("%edit", tag => $tag, edit => $edit, %props);
+             }
            }
          }
        } elsif (defined $content) {
          ($tag, $edit) = Odin::new_pastebin %props;
          set_handoff_cookie $tag, $edit;
-         $m->redirect("$Odin::PASTEBIN/$tag");
+         $m->redirect("$Odin::PASTEBIN/$tag" . hasuff $edit);
        } else {
          Odin::path_info($r) =~ m:/$:
            or $m->redirect("$Odin::PASTEBIN/", 301);
@@ -52,6 +63,7 @@
        $edit => undef
        $lang => undef
        $title => undef
+       $honc => undef
        $op => "edit"
 </%args>
 %#

diff --git a/static/odin.css b/static/odin.css
index 80e23fc99948e2cfa3a2f1c009aa0b74fc176b03..6408dd6773a6795f475632cc197160997d0c2298 100644 (file)
--- a/static/odin.css
+++ b/static/odin.css
@@ -38,3 +38,9 @@ input#title { min-width: 24em; }
 
 div.pastebin { float: left; }
 div.paste-widgets { text-align: center; margin: 1ex; }
+
+div.note {
+       border: solid red;
+       padding: 1ex;
+       margin: 2ex;
+}