hold session key in POST data
authorPaul Hänsch <paul@plutz.net>
Wed, 4 Nov 2020 12:21:18 +0000 (13:21 +0100)
committerPaul Hänsch <paul@plutz.net>
Wed, 4 Nov 2020 12:21:18 +0000 (13:21 +0100)
channel.sh
index.cgi

index 83b38d951aec003255859639a0c655967c354a01..b930620ab610a93653cfe14186842f7ac98f38cb 100755 (executable)
@@ -40,10 +40,10 @@ else
   { printf '
     [form #channel method="POST"
       [submit "action" "submit" style="display: none;"]
-      [input type=hidden name=channelkey value="%s"][input type=hidden name=timenonce value="%s"]
+      [hidden "session_key" "%s"][hidden "channelkey" "%s"][hidden "timenonce" "%s"]
       [a .settings href="?settings#nick" Settings][input autocomplete="off" name="message" autofocus=true][submit "action" "submit" Send!]
     ]
-  ' "$channelkey" "$_DATE"
+  ' "$SESSION_KEY" "$channelkey" "$_DATE"
   SHESCAPE='s;[]&<>#."[];\\&;g;'
 
   while sleep 10; do printf '\n'; done &
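Review bot: The new `"$SESSION_KEY"` argument on the printf line, like `"$channelkey"` beside it, is written into a hidden field as-is, whereas index.cgi passes the nickname through `HTML` before it reaches a `value`. Where SESSION_KEY is assigned is not visible in this hunk; if it is read back from the POST body, as the commit title suggests, a value containing `"` or `]` would break out of the field. It should be checked against the expected key format before use, or escaped on output, e.g. `' "$(HTML "$SESSION_KEY")" "$(HTML "$channelkey")" "$_DATE"`, assuming that helper is available in channel.sh. The same applies to the session_key field added to settings_menu in index.cgi. The enclosing block starts before the hunk.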
index 194ac98e3477de31d5343fa2827eeac690392865..f44d288db0e41ba30f093e2a1c485424b61172ed 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -33,11 +33,12 @@ yield_page(){
 settings_menu(){
   printf '
     [form #settings method="POST" action="?"
+      [hidden "session_key" "%s"]
       [h1 Settings][a .settings href="?" Close]'
   printf '
       [a .section href="#nick" Nickname]
       [div #nick [input name="nickname" value="%s"][submit "action" "nick" Set Cookie]]
-  ' "$(HTML "${nickname#\?}")"
+  ' "$SESSION_KEY" "$(HTML "${nickname#\?}")"
   printf '
       [a .section href="#register" Register Nickname]
       [div #register
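Review bot: In settings_menu the new `%s` for session_key sits in the first printf, which ends at `Close]'` with no arguments, while `"$SESSION_KEY"` was appended to the second printf, whose format has only one `%s`. The hidden field is therefore rendered with an empty value, and because printf re-applies its format while arguments remain, the nickname block is emitted twice, the first time with the session key in the visible nickname input. Move the argument to the first call, `[h1 Settings][a .settings href="?" Close]' "$SESSION_KEY"`, and restore the second to `' "$(HTML "${nickname#\?}")"`. The function body continues past the end of the hunk.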