chiark / gitweb /
~ian / cgi-auth-flexible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2f0262f) | patch
check_nonpage: Handle ParmT ne 'y' correctly
authorIan Jackson <ian.jackson@eu.citrix.com>
Wed, 28 Oct 2015 16:27:07 +0000 (16:27 +0000)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Wed, 28 Oct 2015 16:27:07 +0000 (16:27 +0000)
commit4b63ec666089ffd49b6b83c787a3a9a980bcf6a9
treec75edc73dab33e83048b883663ab72e6de26b38atree | snapshot
parent2f0262f07582bdf723267a0c4df094dd423eea5bcommit | diff
check_nonpage: Handle ParmT ne 'y' correctly

If check_nonpage needs to check authenticity of the submission, only a
valid hidden form parameter ought to be permitted.

This seems to have simply a logic error where (in 2cc2bcd0 "javascript
hijacking fix") I thought ParmT was a perl booleanish; but, of course,
it isn't.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
cgi-auth-flexible.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.