projects / citadel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
*All* <FORM> blocks now contain a nonce field, and the use of
[citadel.git] / webcit / webcit.c
diff --git a/webcit/webcit.c b/webcit/webcit.c
index 3e93030717adea7a3b5338378eb7f49edbd7e7eb..c6677b285e1d0f8d24ac59ca7238fb56dae1fc22 100644 (file)
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -1209,7 +1209,9 @@ void session_loop(struct httprequest *req)
        }
 
        /* If the client sent a nonce that is incorrect, kill the request. */
-       if (strlen(bstr("nonce")) > 0) {
+       if (!strcasecmp(request_method, "POST")) {
+               lprintf(9, "Comparing supplied nonce %s to session nonce %ld\n", 
+                       bstr("nonce"), WC->nonce);
                if (atoi(bstr("nonce")) != WC->nonce) {
                        lprintf(9, "Ignoring request with mismatched nonce.\n");
                        wprintf("HTTP/1.1 404 Security check failed\r\n");
Citadel server, clients, utilities