Require a session for accessing the repost endpoint

git-svn-id: https://modmellon.googlecode.com/svn/trunk@72 a716ebb1-153a-0410-b759-cfb97c6a1b53
author: manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> 2009-11-13 15:22:10 +0000
committer: manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53> 2009-11-13 15:22:10 +0000
commit: 2a0c1327b861741efb9d3b9812fb3003bb8db7ca (patch)
tree: 58b18a7322d567b1835d92bab9002a094f51824b
parent: a4a155c031a846dc2ba46afa612b185d5e93df0b (diff)
download: mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.tar.gz
mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.tar.xz
mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 66efce3..1c29b2d 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1864,6 +1864,12 @@ static int am_handle_repost(request_rec *r)
     char *return_url;
     const char *(*post_mkform)(request_rec *, const char *);
 
+    if (am_cookie_get(r) == NULL) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 
+                      "Repost query without a session");
+        return HTTP_FORBIDDEN;
+    }
+
     mod_cfg = am_get_mod_cfg(r->server);
     query = r->parsed_uri.query;
author	manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>	2009-11-13 15:22:10 +0000
committer	manu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>	2009-11-13 15:22:10 +0000
commit	2a0c1327b861741efb9d3b9812fb3003bb8db7ca (patch)
tree	58b18a7322d567b1835d92bab9002a094f51824b
parent	a4a155c031a846dc2ba46afa612b185d5e93df0b (diff)
download	mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.tar.gz mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.tar.xz mod_auth_mellon-2a0c1327b861741efb9d3b9812fb3003bb8db7ca.zip