X-Git-Url: http://git.plutz.net/?a=blobdiff_plain;f=index.cgi;h=a5665c14796e542f2b61f6b610a07bdabd8e9322;hb=66f78a6d8a1142403c1614f20a56e66ca16ca168;hp=16bd9044053803c2ca16b840b5514ab3fde9d106;hpb=1b78a6c60a0c44a164dcf12f1e7683008f2cf402;p=httpchat diff --git a/index.cgi b/index.cgi index 16bd904..a5665c1 100755 --- a/index.cgi +++ b/index.cgi @@ -2,6 +2,7 @@ _EXEC=. _DATA=. +SESSION_TIMEOUT=43200 . "$_EXEC/cgilite/logging.sh" . "$_EXEC/cgilite/cgilite.sh" . "$_EXEC/cgilite/session.sh" @@ -13,7 +14,9 @@ LOCATION="${LOCATION%%/*}" yield_page(){ page="$1" - printf 'Content-Type: text/html; charset=utf-8\r\n\r\n' + printf '%s\r\n' 'Content-Type: text/html; charset=utf-8' \ + "Content-Security-Policy: script-src 'none'" \ + '' { printf '[html [head [meta name="viewport" content="width=device-width"] @@ -29,8 +32,14 @@ yield_page(){ settings_menu(){ printf ' - [form #settings method="POST" action="?" - [h1 Settings][a .settings href="?" Close]' + [form #settings method="POST" action="?settings" + [hidden "session_key" "%s"] + [h1 Settings][a .settings href="?" Close] + ' "$SESSION_KEY" + if [ "$ERROR" ]; then + printf '[p .error %s %s]' "${ERROR%% *}" "$(HTML "${ERROR#.* }")" + unset ERROR + fi printf ' [a .section href="#nick" Nickname] [div #nick [input name="nickname" value="%s"][submit "action" "nick" Set Cookie]] @@ -54,7 +63,7 @@ case ${LOCATION} in exit 0 ;; \&?*) - chatfile="$_DATA/${LOCATION}" + chatfile="$_DATA/${LOCATION}/channel" . "$_EXEC/channel.sh" exit 0 ;; @@ -71,6 +80,7 @@ case ${LOCATION} in if [ -d "$_DATA/@${LOCATION#~}" ]; then pubinfo="$_DATA/@${LOCATION#~}/pubinfo" else + # ToDo Edit / Display of public user information REDIRECT / fi ;;
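Review bot: `SESSION_TIMEOUT=43200` in the first hunk (`@@ -2,6 +2,7 @@`) has no comment giving its unit or explaining why it sits above the `. "$_EXEC/cgilite/session.sh"` line. The value is presumably seconds (12 hours) and presumably read when session.sh is sourced; neither is visible in this diff. A comment such as `# session lifetime in seconds (12 h); must be set before session.sh is sourced` would keep a later reorder from silently changing the session lifetime.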
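Review bot: The policy added in `yield_page` (`@@ -13,7 +14,9 @@`) restricts only scripts, so injected markup could still retarget relative links and form posts through a `base` element or a foreign form `action`. The settings form changed later in this commit posts `session_key` to the relative URL `?settings`. Provided no form on the site needs to post off-origin, consider extending the header line to `"Content-Security-Policy: script-src 'none'; object-src 'none'; base-uri 'none'; form-action 'self'" \`. Responses that do not go through `yield_page` would not carry the header at all; whether such paths exist (for example in channel.sh) is not visible here. The function body continues past the end of the hunk.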
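Review bot: In the new error block of `settings_menu` (`@@ -29,8 +32,14 @@`) the first word of `$ERROR` is written into the markup without passing through `HTML`, and the two expansions disagree: `${ERROR%% *}` cuts at the first space, while `${ERROR#.* }` is a glob, not a regex, and strips a prefix only when it begins with a literal dot. When `$ERROR` does not start with a dot, the first word is therefore emitted twice, once unescaped. Where `$ERROR` is set is outside this diff, so whether request data can reach it is unknown; using `"${ERROR#* }"` for the text and emitting the first word only when it matches a fixed set of class names would make the block safe either way. The same hunk places `$SESSION_KEY` in a hidden field; if that value is the session identifier itself rather than a derived anti-CSRF token, confirm the page is never cached or shared. `settings_menu` continues past the end of the hunk.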
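Review bot: `${LOCATION}` now names a directory under `$_DATA` in the `\&?*)` arm (`@@ -54,7 +63,7 @@`), and the only sanitising visible in this diff is the `LOCATION="${LOCATION%%/*}"` strip shown in an earlier hunk header. That rules out extra path components, but the name presumably comes from the request URL. An allow-list check before the assignment, for instance `case $LOCATION in *[!A-Za-z0-9_\&-]*) REDIRECT / ;; esac` with a character set chosen by the project, would keep unexpected characters out of names created in the data directory. Channels stored under the old layout as plain files at `$_DATA/${LOCATION}` will also collide with the new path unless channel.sh or a migration step converts them; neither is visible here. The `case` statement starts and ends outside the hunk.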