Protect the web interface against CSRF, and the CSRF token against BREACH.
[itkacl] / itkacl-web-1.0 / web / change-comment.pl
#! /usr/bin/perl -T
# CGI endpoint: set the comment on one ACL entry, identified by
# (object, entity_type, entity). Runs with taint mode (-T) enabled.
use strict;
use warnings;
use utf8;

use lib '../include';
use itkaclcommon;

# Shared setup first, then the CSRF check; both run before any request
# parameter is read or the database is touched.
# NOTE(review): presumably check_csrf_token() aborts the request on a missing
# or wrong token, and init() authenticates the caller -- confirm both in
# itkaclcommon, since nothing in this file checks that the caller may edit
# this particular object, or restricts the request method.
itkaclcommon::init();
itkaclcommon::check_csrf_token();

my $cgi = $itkaclcommon::cgi;
my $dbh = $itkaclcommon::dbh;

# scalar() keeps each lookup single-valued; in list context param() returns
# every value of a repeated field, which would shift the bind arguments below.
my ($entry, $entity, $entity_type, $comment) =
    map { scalar $cgi->param($_) } qw(entry entity entity_type comment);

# All request values go through placeholders; none is interpolated into SQL.
my $sql = 'UPDATE aclentries SET comment=? WHERE object=? AND entity_type=? AND entity=?';
my $updated = $dbh->do($sql, undef, $comment, $entry, $entity_type, $entity);

# NOTE(review): DBI's do() returns the true value "0E0" when no row matched,
# so only a failed statement reaches die; a request naming a nonexistent
# entry still gets "OK".
die "Couldn't change comment" unless $updated;

# Fixed plain-text reply; no request data is echoed back.
print $cgi->header(-type => 'text/plain');
print "OK\n";