webmcp
annotate framework/env/request/get_csrf_secret.lua @ 448:e3da778a8bf3
Use snprintf instead of sprintf as a precautionary measure for security
| author | jbe |
|---|---|
| date | Wed Jun 01 19:59:05 2016 +0200 (2016-06-01) |
| parents | 9fdfb27f8e67 |
| children |
| rev | line source |
|---|---|
| jbe/bsw@0 | 1 --[[-- |
| jbe/bsw@0 | 2 secret = -- secret string, previously set with request.set_csrf_secret(...) |
| jbe/bsw@0 | 3 request.get_csrf_secret() |
| jbe/bsw@0 | 4 |
| jbe/bsw@0 | 5 Returns the secret string being previously set with request.set_csrf_secret(...) for inclusion in web forms (nil if none is set). This function is automatically used by the ui.form{...} helper. |
| jbe/bsw@0 | 6 |
| jbe/bsw@0 | 7 --]]-- |
| jbe/bsw@0 | 8 |
| jbe/bsw@0 | 9 function request.get_csrf_secret(secret) |
| jbe/bsw@0 | 10 return request._csrf_secret |
| jbe/bsw@0 | 11 end |