Mercurial > hg > fapweb

changeset 369:a3caded43f6d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add possibility of always using GET requests when debug mode is enabled.
author Matti Hamalainen <ccr@tnsp.org>
date Tue, 03 Dec 2013 15:18:20 +0200
parents cbe2693a3cd1
children d65f28bf1080
files msession.inc.php msitegen.inc.php
diffstat 2 files changed, 18 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/msession.inc.php	Tue Dec 03 14:07:47 2013 +0200
+++ b/msession.inc.php	Tue Dec 03 15:18:20 2013 +0200
@@ -135,6 +135,9 @@
 
 function stCSRFCheck()
 {
+  if (stGetSetting("debug"))
+    return TRUE;
+
   $csrfID = stGetRequestItem("csrfID", FALSE);
   return ($csrfID !== FALSE && stGetSessionItem("csrfID", FALSE) == $csrfID);
 }
--- a/msitegen.inc.php	Tue Dec 03 14:07:47 2013 +0200
+++ b/msitegen.inc.php	Tue Dec 03 15:18:20 2013 +0200
@@ -324,10 +324,21 @@
 
 function stChkRequestItem($name, &$sdata)
 {
-  if (!isset($_POST[$name]))
-    return stErrorStrF("Required data item '".$name."' not set.", $name);
+  if (stGetSetting("debug"))
+  {
+    if (!isset($_REQUEST[$name]))
+      return stErrorStrF("Required data item '".$name."' not set.", $name);
 
-  $data = trim($_POST[$name]);
+    $data = trim($_REQUEST[$name]);
+  }
+  else
+  {
+    if (!isset($_POST[$name]))
+      return stErrorStrF("Required data item '".$name."' not set.", $name);
+
+    $data = trim($_POST[$name]);
+  }
+  
   $slen = strlen($data);
 
   if ($sdata !== FALSE)
@@ -396,7 +407,7 @@
 
 function stGetRequestItem($name, $default = "", $allowGet = FALSE)
 {
-  if ($allowGet)
+  if ($allowGet || stGetSetting("debug"))
     return isset($_REQUEST[$name]) ? trim($_REQUEST[$name]) : $default;
   else
     return isset($_POST[$name]) ? trim($_POST[$name]) : $default;