Differences From:
File
src/wiki.c
part of check-in
[4ef19b554a]
- Fix a few typos in documentation.
by
drh on
2008-10-11 15:11:31.
To:
File
src/wiki.c
part of check-in
[0be54823ba]
- Add defenses against cross-site request forgery attacks.
by
drh on
2008-10-18 12:55:44.
@@ -252,8 +252,9 @@
db_begin_transaction();
if( isSandbox ){
db_set("sandbox",zBody,0);
}else{
+ login_verify_csrf_secret();
zDate = db_text(0, "SELECT datetime('now')");
zDate[10] = 'T';
blob_appendf(&wiki, "D %s\n", zDate);
free(zDate);
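Review bot: The sandbox branch still writes `db_set("sandbox",zBody,0);` without any CSRF check, because `login_verify_csrf_secret();` was added only in the `else` arm; the wikiappend hunk at `@@ -385,8 +387,9 @@` has the same gap, where `db_set("sandbox", blob_str(&body), 0);` runs before its call. A forged POST can therefore still overwrite the sandbox page on behalf of a logged-in user, which is lower impact than a real page edit but is still an unprotected state change. Hoisting the call above `if( isSandbox ){` covers both paths, and if it aborts the request on failure (its behaviour is not visible here) placing it before `db_begin_transaction();` would also avoid leaving a transaction open. The enclosing function starts and ends outside the hunk.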
@@ -301,8 +302,9 @@
}
if( n<20 ) n = 20;
if( n>40 ) n = 40;
@ <form method="POST" action="%s(g.zBaseURL)/wikiedit">
+ login_insert_csrf_secret();
@ <input type="hidden" name="name" value="%h(zPageName)">
@ <textarea name="w" class="wikiedit" cols="80"
@ rows="%d(n)" wrap="virtual">%h(zBody)</textarea>
@ <br>
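Review bot: The position of `login_insert_csrf_secret();` between the `<form>` tag and the hidden inputs is load-bearing but undocumented, here and in the matching wikiappend form at `@@ -436,8 +439,9 @@`. Presumably it emits a hidden field that the verify call on the POST side expects, so moving it outside the form would silently break every edit; a one-line comment such as `/* must stay inside the <form> so the CSRF token is submitted with the edit */` would protect against that during later template changes. The enclosing function starts and ends outside the hunk.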
@@ -385,8 +387,9 @@
blob_appendf(&body, db_get("sandbox",""));
appendRemark(&body);
db_set("sandbox", blob_str(&body), 0);
}else{
+ login_verify_csrf_secret();
content_get(rid, &content);
manifest_parse(&m, &content);
if( m.type==CFTYPE_WIKI ){
blob_append(&body, m.zWiki, -1);
@@ -436,8 +439,9 @@
blob_reset(&preview);
}
zUser = PD("u", g.zLogin);
@ <form method="POST" action="%s(g.zBaseURL)/wikiappend">
+ login_insert_csrf_secret();
@ <input type="hidden" name="name" value="%h(zPageName)">
@ Your Name:
@ <input type="text" name="u" size="20" value="%h(zUser)"><br>
@ Comment to append:<br>