use transaction id for all updates
authorPaul Hänsch <paul@plutz.net>
Tue, 20 Nov 2018 14:26:44 +0000 (15:26 +0100)
committerPaul Hänsch <paul@plutz.net>
Tue, 20 Nov 2018 14:26:44 +0000 (15:26 +0100)
cgilite
clients.sh
invoices.cgi
senders.sh

diff --git a/cgilite b/cgilite
index 3fe2a9ceb477adf245f6cc8f72fb61282e42c904..441856d88c45de3a8a12a8e3ac74f23f3d9b273b 160000 (submodule)
--- a/cgilite
+++ b/cgilite
@@ -1 +1 @@
-Subproject commit 3fe2a9ceb477adf245f6cc8f72fb61282e42c904
+Subproject commit 441856d88c45de3a8a12a8e3ac74f23f3d9b273b
index fc047a2447aad54669b64e3f927631785b7aa628..474f6258538189525f60dea9dff0d2eb40f96301 100755 (executable)
@@ -14,11 +14,12 @@ edit_client(){
 %s</textarea>
       [label for=hourly Hourly Rate:]
       [input #hourly type=number name=hourly value="%s"]
-      [submit "update" "update" Update]
+      [submit "update" "%s" Update]
     ]' \
     "$(HTML $id)" \
     "$(UNSTRING "${address#address=}" |HTML)" \
-    "$(UNSTRING "${hourly#hourly=}" |grep -xE '[0-9]+')"
+    "$(UNSTRING "${hourly#hourly=}" |grep -xE '[0-9]+')" \
+    "$(tid "clients/$id")"
 }
 
 list_clients(){
@@ -38,13 +39,15 @@ list_clients(){
 }
 
 update_client(){
-  id="$(POST id |checkid)"
-  if [ "$(POST update)" = update -a "$id" ]; then
+  local id="$(POST id |checkid)"
+  if [ "$(POST update)" = "$(tid "clients/$id")" ]; then
     mkdir -p clients
     printf 'address=%s hourly=%s' \
       "$(POST address |STRING)" "$(POST hourly |STRING)" \
       >"clients/$id"
+    REDIRECT "/clients/"
   else
-    echo Invalid Data "$(POST id)" "$(POST update)" >&2
+    error Invalid Data "$id" "$(POST update)"
+    REDIRECT "/clients/$1"
   fi
 }
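Review bot: The new condition in update_client drops the old `-a "$id"` guard, so a request whose id is rejected by checkid (assuming that yields an empty string) is compared against `tid "clients/"` instead of being refused outright; keeping the guard, `if [ "$id" ] && [ "$(POST update)" = "$(tid "clients/$id")" ]; then`, makes the refusal explicit. The same guard was removed from update_sender in senders.sh. In the failure branch, `REDIRECT "/clients/$1"` uses a positional parameter, but invoices.cgi calls `update_client` with no arguments, so `$id` was probably meant, as in update_sender. The `error` line also writes the submitted `update` value, which is request-controlled, into the log; logging only the id would be enough.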
index 7e2f35193ae76bfd1012f3d91e0f62c7a40c3837..10aa8fc8726c6a79463d311738a6e96fd2341024 100755 (executable)
@@ -24,6 +24,15 @@ printf 'Content-Type: text/html; charset=utf-8\r\n\r\n'
 EOF
 }
 
+tid(){
+  # transaction ID to modify a given file
+  local file="$1"
+  { stat -c %F%i%n%N%s%Y "$file" 2>&-
+    printf %s "$SESSION_ID"
+    server_key
+  } | sha256sum | cut -d\  -f1
+}
+
 info="$(PATH "${PATH_INFO}")"
 
 case $info in
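Review bot: tid returns the same value for every path that does not exist yet: `stat` prints nothing on failure, so only `$SESSION_ID` and the `server_key` output are hashed, and a token rendered for one new record would be accepted for any other new id under clients/ or senders/ in the same session. Hashing the requested path itself binds the token to its target, for example by adding `printf '%s\n' "$file"` as the first command in the group. `2>&-` closes stderr rather than discarding it, which some tools treat as a write error; `2>/dev/null` is the safer form. The comment could also state that the value appears to double as the form's anti-forgery token and that it changes whenever the file's inode, size or mtime changes.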
@@ -44,7 +53,6 @@ case $info in
   /update_client)
     . "$_EXEC/clients.sh"
     update_client
-    REDIRECT /clients/
     ;;
   /senders)
     . "$_EXEC/senders.sh"
@@ -59,22 +67,20 @@ case $info in
   /update_sender)
     . "$_EXEC/senders.sh"
     update_sender
-    REDIRECT /senders/
     ;;
   /invoices)
     . "$_EXEC/invoices.sh"
     { list_invoices
-      printf '[a .new href="/invoice/%s" New]' "$(timeid)"
+      printf '[a .new href="/invoices/%s" New]' "$(timeid)"
     } | yield_page invoices
     ;;
-  /invoice/*)
+  /invoices/*)
     . "$_EXEC/invoices.sh"
-    edit_invoice "${info#/invoice/}" |yield_page invoice
+    edit_invoice "${info#/invoices/}" |yield_page invoice
     ;;
   /update_invoice)
     . "$_EXEC/invoices.sh"
     update_invoice
-    REDIRECT "/invoice/$id"
     ;;
   *) REDIRECT /invoices
     ;;
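Review bot: The `REDIRECT "/invoice/$id"` after `update_invoice` is removed here, but invoices.sh is not among the files this commit changes, so unless update_invoice already sends its own redirect, the `/update_invoice` branch now ends without a response. This diff also does not show whether update_invoice checks a `tid` value the way update_client and update_sender now do; if it does not, the "all updates" in the commit title does not yet cover invoices. The case statement starts above the hunk.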
index 90c3d3815b49fde8179d73bcecf860bc3e956874..4d1f6121661d56c79f81ec5e1d563dc470d5cb94 100755 (executable)
@@ -19,10 +19,11 @@ xxx / 000 / ###
     [form method="POST" action="/update_sender"
       [hidden "id" "%s"]
       <textarea name="address" placeholder="address">%s</textarea>
-      [submit "update" "update" Update]
+      [submit "update" "%s" Update]
     ]' \
     "$(HTML $id)" \
-    "$(HTML "${address}")"
+    "$(HTML "${address}")" \
+    "$(tid "senders/$id")"
 }
 
 list_senders(){
@@ -37,8 +38,11 @@ list_senders(){
 
 update_sender(){
   id="$(POST id |checkid)"
-  if [ "$(POST update)" = update -a "$id" ]; then
+  if [ "$(POST update)" = "$(tid "senders/$id")" ]; then
     mkdir -p senders
     POST address >"senders/$id"
+    REDIRECT "/senders/"
+  else
+    REDIRECT "/senders/$id"
   fi
 }
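Review bot: update_sender still assigns the global `id`, while update_client now declares `local id=...`; making both local keeps the sourced functions from leaking state into invoices.cgi. The failure branch here also redirects silently, whereas update_client reports through `error`; a matching `error Invalid Data "$id"` line before `REDIRECT "/senders/$id"` would make rejected token submissions visible in the log.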