authorGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-21 05:23:51 +0100
committerGuilhem Moulin <guilhem.moulin@fripost.org>2013-01-21 05:23:51 +0100
commit6ebe4849dd75ec01197bf465ea20b6aa74e770a1 (patch)
treea038b1064484e3f4b99a4d2c3773b1362fbd267f /lib/Fripost/Panel/Interface.pm
parent49bf1466958645b24b113a40d126d84fec9a941b (diff)
More secure way to check unlock tokens.
Diffstat (limited to 'lib/Fripost/Panel/Interface.pm')
-rw-r--r--lib/Fripost/Panel/Interface.pm7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/Fripost/Panel/Interface.pm b/lib/Fripost/Panel/Interface.pm
index e4724d1..cc7545a 100644
--- a/lib/Fripost/Panel/Interface.pm
+++ b/lib/Fripost/Panel/Interface.pm
@@ -66,8 +66,9 @@ sub ListLocals : Runmode {
my $fp = Fripost::Schema::->SASLauth( $self->authen->username, %CFG );
my $q = $self->query;
- if (defined $q->param('unlock') and $q->param('unlock') ne '') {
- $fp->domain->unlock( $d, $q->param('unlock') );
+ if (defined $q->param('unlock')) {
+ $fp->domain->unlock( $d, $q->param('unlock') )
+ if $q->param('unlock') ne '';
$fp->done;
return $self->redirect('../');
}
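Review bot: In `$fp->domain->unlock( $d, $q->param('unlock') )` the `param` call sits in an argument list and is therefore evaluated in list context, while the two guards around it read it in scalar context. If `$self->query` is a CGI.pm-style object (not visible here), a request that repeats the `unlock` parameter would pass every value to unlock() as extra positional arguments, although the guards only ever looked at the first one. Reading the token once into a scalar removes the mismatch: `my $token = $q->param('unlock');`, then `if (defined $token) {` and `$fp->domain->unlock( $d, $token ) if $token ne '';`. The body of ListLocals starts and continues outside this hunk, so whether `$d` is validated before this point cannot be judged from here.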
@@ -224,6 +225,7 @@ sub EditLocal : Runmode {
# Search for *the* matching user, alias or list.
my ($d,$l) = ($self->split_path)[1,2];
+ $fp->domain->get ($d, -die => 404, -attrs => []);
my %local = $fp->local->get ($l.'@'.$d, -die => 404,
-concat => "\x{0D}\x{0A}" );
die "Unknown type" unless grep { $local{type} eq $_ }
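Review bot: The added `$fp->domain->get ($d, -die => 404, -attrs => []);` discards its result and requests no attributes, so it is presumably there only as a guard that aborts with a 404, but nothing in the code says so. The same line is added in the AddLocal hunk. A short comment above both calls would keep a later cleanup from removing them as dead code, for example `# Access guard: dies with 404 unless the domain is visible to this user; the result is unused.`. What the lookup actually enforces (existence, ownership, pending/locked state) is not visible in this diff, so the wording should be checked against Fripost::Schema. In AddLocal the guard runs between `SASLauth` and `$fp->done`, so if `-die` throws, `done` appears to be skipped on that path. EditLocal starts and continues outside this hunk.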
@@ -486,6 +488,7 @@ sub AddLocal : Runmode {
unless ($error) {
my $fp = Fripost::Schema::->SASLauth( $self->authen->username, %CFG );
+ $fp->domain->get ($d, -die => 404, -attrs => []);
$error = $fp->$t->add( \%entry, -concat => "(\n|\x{0D}\x{0A})", %rest);
$fp->done;
return $self->redirect('./') unless $error;