remove, rename: Add guards against XSRF attacks.
authorJoey Hess <joey@kitenet.net>
Fri, 14 May 2010 18:21:45 +0000 (14:21 -0400)
committerJoey Hess <joey@kitenet.net>
Fri, 14 May 2010 18:21:45 +0000 (14:21 -0400)
IkiWiki/Plugin/remove.pm
IkiWiki/Plugin/rename.pm
debian/changelog

index a46294e788815f30358bdba535b107bd78c24ba4..d23b2cc1016851ac537303f9a3438df7446f40bd 100644 (file)
@@ -107,6 +107,8 @@ sub confirmation_form ($$) {
                fields => [qw{do page}],
        );
        
+       $f->field(name => "sid", type => "hidden", value => $session->id,
+               force => 1);
        $f->field(name => "do", type => "hidden", value => "remove", force => 1);
 
        return $f, ["Remove", "Cancel"];
@@ -188,6 +190,8 @@ sub sessioncgi ($$) {
                        postremove($session);
                }
                elsif ($form->submitted eq 'Remove' && $form->validate) {
+                       IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
                        my @pages=$form->field("page");
        
                        # Validate removal by checking that the page exists,
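Review bot: The new `IkiWiki::checksessionexpiry($q, $session, $q->param('sid'))` line reuses the session id itself as the anti-XSRF token (confirmation_form embeds `$session->id` in the hidden `sid` field), so any context that exposes the rendered form (a cached or leaked copy of the page) also exposes the session identifier; a random per-session token compared against the session would give the same forgery protection without widening session-id exposure, though what checksessionexpiry does with a missing or mismatched `sid` is not visible here. The guard also sits only in the `Remove`-submitted branch; the `postremove($session)` path just above it, and the rest of sessioncgi, start and end outside this hunk, so it is not visible whether every destructive path is covered. The same pattern and question apply to the rename.pm sessioncgi hunk. A short comment would help future readers: `# XSRF guard: the hidden sid field must match the current session before any page is removed.`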
index 537e913178f42cb93270a60bd6b2560cc6dda33a..0da90a538cb15b1e8f7b2b6a162a8f170ecb61bc 100644 (file)
@@ -131,6 +131,8 @@ sub rename_form ($$$) {
        );
        
        $f->field(name => "do", type => "hidden", value => "rename", force => 1);
+       $f->field(name => "sid", type => "hidden", value => $session->id,
+               force => 1);
        $f->field(name => "page", type => "hidden", value => $page, force => 1);
        $f->field(name => "new_name", value => pagetitle($page, 1), size => 60);
        if (!$q->param("attachment")) {
@@ -286,6 +288,8 @@ sub sessioncgi ($$) {
                        postrename($session);
                }
                elsif ($form->submitted eq 'Rename' && $form->validate) {
+                       IkiWiki::checksessionexpiry($q, $session, $q->param('sid'));
+
                        # Queue of rename actions to perfom.
                        my @torename;
 
index e6c5e42ae17b1b683761bd1c79d888605ab1dbea..a09c8e2288828e3c0302ede52c49ff65e9bf71d9 100644 (file)
@@ -30,6 +30,7 @@ ikiwiki (3.20100505) UNRELEASED; urgency=low
     (And also negative years.)
   * calendar: Display year in title of month calendar.
   * Use xhtml friendly pubdate setting.
+  * remove, rename: Add guards against XSRF attacks.
 
  -- Joey Hess <joeyh@debian.org>  Wed, 05 May 2010 18:07:29 -0400