From 6ebe4849dd75ec01197bf465ea20b6aa74e770a1 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 21 Jan 2013 05:23:51 +0100 Subject: More secure way to check unlock tokens. --- lib/Fripost/Panel/Interface.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib/Fripost/Panel/Interface.pm') diff --git a/lib/Fripost/Panel/Interface.pm b/lib/Fripost/Panel/Interface.pm index e4724d1..cc7545a 100644 --- a/lib/Fripost/Panel/Interface.pm +++ b/lib/Fripost/Panel/Interface.pm @@ -66,8 +66,9 @@ sub ListLocals : Runmode { my $fp = Fripost::Schema::->SASLauth( $self->authen->username, %CFG ); my $q = $self->query; - if (defined $q->param('unlock') and $q->param('unlock') ne '') { - $fp->domain->unlock( $d, $q->param('unlock') ); + if (defined $q->param('unlock')) { + $fp->domain->unlock( $d, $q->param('unlock') ) + if $q->param('unlock') ne ''; $fp->done; return $self->redirect('../'); } @@ -224,6 +225,7 @@ sub EditLocal : Runmode { # Search for *the* matching user, alias or list. my ($d,$l) = ($self->split_path)[1,2]; + $fp->domain->get ($d, -die => 404, -attrs => []); my %local = $fp->local->get ($l.'@'.$d, -die => 404, -concat => "\x{0D}\x{0A}" ); die "Unknown type" unless grep { $local{type} eq $_ } @@ -486,6 +488,7 @@ sub AddLocal : Runmode { unless ($error) { my $fp = Fripost::Schema::->SASLauth( $self->authen->username, %CFG ); + $fp->domain->get ($d, -die => 404, -attrs => []); $error = $fp->$t->add( \%entry, -concat => "(\n|\x{0D}\x{0A})", %rest); $fp->done; return $self->redirect('./') unless $error; -- cgit v1.2.3
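Review bot: In the ListLocals hunk the call `$fp->domain->unlock( $d, $q->param('unlock') )` evaluates `param` in list context, so a request carrying several `unlock` values would pass all of them to `unlock` as extra positional arguments (this assumes `$q` is a CGI.pm-style query object, which the hunk does not show). The `defined` and `ne ''` tests run in scalar context and see only the first value, so they do not guard against that. Reading the token once into a scalar keeps the check and the call on the same value: `my $token = $q->param('unlock');` followed by `$fp->domain->unlock( $d, $token ) if $token ne '';`. The body of ListLocals starts and ends outside the hunk, so where `$d` is set and validated is not visible here.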
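Review bot: The added `$fp->domain->get ($d, -die => 404, -attrs => []);` in EditLocal, and the identical line in the AddLocal hunk, discards its result and exists only for the `-die => 404` side effect, so a later reader may take it for dead code and remove it. A comment above each call would record the intent, for example `# Abort with 404 unless the domain can be fetched with this user's credentials; the result itself is unused.` That wording needs confirming against what `domain->get` enforces, since its implementation is outside this patch. In AddLocal the call sits before `$fp->done`, so if `get` dies the `done` call is skipped; it is worth confirming that the error path still releases the backend connection. Both functions continue outside their hunks.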