From 8ab57724f6c6d4d14040a393f51a108c6aba9c60 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Wed, 4 Nov 2020 13:21:18 +0100 Subject: [PATCH] hold session key in POST data --- channel.sh | 4 ++-- index.cgi | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/channel.sh b/channel.sh index 83b38d9..b930620 100755 --- a/channel.sh +++ b/channel.sh @@ -40,10 +40,10 @@ else { printf ' [form #channel method="POST" [submit "action" "submit" style="display: none;"] - [input type=hidden name=channelkey value="%s"][input type=hidden name=timenonce value="%s"] + [hidden "session_key" "%s"][hidden "channelkey" "%s"][hidden "timenonce" "%s"] [a .settings href="?settings#nick" Settings][input autocomplete="off" name="message" autofocus=true][submit "action" "submit" Send!] ] - ' "$channelkey" "$_DATE" + ' "$SESSION_KEY" "$channelkey" "$_DATE" SHESCAPE='s;[]&<>#."[];\\&;g;' while sleep 10; do printf '\n'; done & diff --git a/index.cgi b/index.cgi index 194ac98..f44d288 100755 --- a/index.cgi +++ b/index.cgi @@ -33,11 +33,12 @@ yield_page(){ settings_menu(){ printf ' [form #settings method="POST" action="?" + [hidden "session_key" "%s"] [h1 Settings][a .settings href="?" Close]' printf ' [a .section href="#nick" Nickname] [div #nick [input name="nickname" value="%s"][submit "action" "nick" Set Cookie]] - ' "$(HTML "${nickname#\?}")" + ' "$SESSION_KEY" "$(HTML "${nickname#\?}")" printf ' [a .section href="#register" Register Nickname] [div #register -- 2.39.2
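Review bot: In the channel.sh hunk, `$SESSION_KEY` and `$channelkey` are printed into quoted attribute values without escaping, whereas index.cgi in this same patch passes the nickname through `HTML` first. Where `$channelkey` comes from is not visible here; if it can carry request-controlled text, a `"` or `]` in it would end the hidden field early. I would escape it at the call site, e.g. `"$(HTML "$channelkey")"`, assuming that helper is in scope in channel.sh. The placeholder count and argument order do match (three `%s`, three arguments), and the `{ printf` block continues past the end of the hunk.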
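Review bot: In the index.cgi hunk, the new `%s` for `session_key` sits in the first `printf` of `settings_menu`, which takes no arguments, while `"$SESSION_KEY"` was appended to the second `printf`, whose format holds only the nickname `%s`. As written, the hidden field renders empty. Because printf reuses its format for surplus arguments, the nick section is also emitted twice, the first time with the session key as the visible `nickname` value and without `HTML` escaping. Move the argument to the first call, `[h1 Settings][a .settings href="?" Close]' "$SESSION_KEY"`, and leave the second as `' "$(HTML "${nickname#\?}")"`. `settings_menu` continues beyond the hunk.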