]> git.sesse.net Git - itkacl/blob - itkacl-web-1.0/web/addnode.pl
projects / itkacl / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Protect the web interface against CSRF, and the CSRF token against BREACH.
[itkacl] / itkacl-web-1.0 / web / addnode.pl
1 #! /usr/bin/perl -T
2 use strict;
3 use warnings;
4 use utf8;
5
6 use lib '../include';
7 use itkaclcommon;
8
9 itkaclcommon::init();
10 itkaclcommon::check_csrf_token();
11
12 my $parent = $itkaclcommon::cgi->param('parent');
13 my $name = $itkaclcommon::cgi->param('name');
14 my $description = $itkaclcommon::cgi->param('description');
15
16 if ($name !~ /^[a-zA-Z0-9-]+$/) {
17         die "Illegal characters in name";
18 }
19 if (length($name) > 64) {
20         die "Name too long";
21 }
22         
23 $itkaclcommon::dbh->do('INSERT INTO objects (name,description,parent) VALUES (?,?,?)', undef,
24     $name, $description, $parent)
25         or die "Couldn't insert new object";
26
27 # Let sync-itkacl know there's updates
28 utime(time(), time(), '/etc/itkacl/updated');
29
30 #
31 # Redirect to the newly created node (a little touch: make sure the node
32 # is opened so the new node is visible in the tree -- this won't catch all
33 # cases, but at least most of them).
34
35 my $ref = $itkaclcommon::dbh->selectrow_hashref('SELECT id FROM objects WHERE name=? AND parent=?',
36         undef, $name, $parent);
37         
38 print $itkaclcommon::cgi->redirect("view.pl?entry=$ref->{'id'}&open=$parent");
39
A simple but generic authorization system with bindings to many languages and systems.