X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/dd349d69ea2361360b4534d9c77806345ff490ad..07c9cddb50856d8f94c9618187227027a27fe4c8:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index dac522eea..a3486cbb4 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -278,9 +278,9 @@ sub check_banned ($$) { #{{{
 sub cgi_getsession ($) { #{{{
 	my $q=shift;
 
-	eval q{use CGI::Session};
+	eval q{use CGI::Session; use HTML::Entities};
 	error($@) if $@;
-	CGI::Session->name("ikiwiki_session_".encode_utf8($config{wikiname}));
+	CGI::Session->name("ikiwiki_session_".encode_entities($config{wikiname}));
 	
 	my $oldmask=umask(077);
 	my $session = eval {
@@ -296,6 +296,20 @@ sub cgi_getsession ($) { #{{{
 	return $session;
 } #}}}
 
+# The session id is stored on the form and checked to
+# guard against CSRF. But only if the user is logged in,
+# as anonok can allow anonymous edits.
+sub checksessionexpiry ($$) { # {{{
+	my $session = shift;
+	my $sid = shift;
+
+	if (defined $session->param("name")) {
+		if (! defined $sid || $sid ne $session->id) {
+			error(gettext("Your login session has expired."));
+		}
+	}
+} # }}}
+
 sub cgi_savesession ($) { #{{{
 	my $session=shift;