Merge pull request #11 from hobbyquaker/master

Session validation
2023-10-10 13:37:40 +02:00 · 2018-07-22 11:56:45 +02:00 · 2018-07-22 11:56:45 +02:00 · 219d5801b4
commit 219d5801b4
parent eea2867af8 b15fb681d1
5 changed files with 35 additions and 1 deletions
--- a/addon/etc/rmupdate-addon.cfg
+++ b/addon/etc/rmupdate-addon.cfg
@ -1,5 +1,5 @@
 {
-  CONFIG_URL /addons/rmupdate
+  CONFIG_URL /addons/rmupdate/index.cgi
  CONFIG_DESCRIPTION {
    de {<li>System-Update</li>}
    en {<li>System-update</li>}
--- a/addon/lib/querystring.tcl
+++ b/addon/lib/querystring.tcl
@ -0,0 +1,9 @@
+catch {
+  set input $env(QUERY_STRING)
+  set pairs [split $input &]
+  foreach pair $pairs {
+    if {0 != [regexp "^(\[^=]*)=(.*)$" $pair dummy varname val]} {
+      set $varname $val
+    }
+  }
+}
--- a/addon/lib/session.tcl
+++ b/addon/lib/session.tcl
@ -0,0 +1,13 @@
+#!/bin/tclsh
+
+load tclrega.so
+
+proc check_session sid {
+    if {[regexp {@([0-9a-zA-Z]{10})@} $sid all sidnr]} {
+        set res [lindex [rega_script "Write(system.GetSessionVarStr('$sidnr'));"] 1]
+        if {$res != ""} {
+            return 1
+        }
+    }
+    return 0
+}
--- a/addon/www/index.cgi
+++ b/addon/www/index.cgi
@ -0,0 +1,12 @@
+#!/bin/tclsh
+
+source /usr/local/addons/rmupdate/lib/querystring.tcl
+source /usr/local/addons/rmupdate/lib/session.tcl
+
+if {[info exists sid] && [check_session $sid]} {
+    set fp [open "/usr/local/addons/rmupdate/www/rmupdate.html" r]
+    puts -nonewline [read $fp]
+    close $fp
+} else {
+    puts {error: invalid session}
+}
--- a/addon/www/rmupdate.html
+++ b/addon/www/rmupdate.html