X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/3e992b758b0d7e96f369372340b95d8ef4302aae..928f6938d25c1d72ab81d75e8b67ab32e45df89c:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 4399d0dcb..a3486cbb4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
 	return $session;
 } #}}}
 
+# The session id is stored on the form and checked to
+# guard against CSRF. But only if the user is logged in,
+# as anonok can allow anonymous edits.
+sub checksessionexpiry ($$) { # {{{
+	my $session = shift;
+	my $sid = shift;
+
+	if (defined $session->param("name")) {
+		if (! defined $sid || $sid ne $session->id) {
+			error(gettext("Your login session has expired."));
+		}
+	}
+} # }}}
+
 sub cgi_savesession ($) { #{{{
 	my $session=shift;