[Fencommits] fenserve: give 403 Forbidden on attempted state changes not from localhost

Benja Fallenstein benja.fallenstein at gmail.com
Sun Mar 25 20:04:31 EEST 2007


Sun Mar 25 20:04:17 EEST 2007  Benja Fallenstein <benja.fallenstein at gmail.com>
  * give 403 Forbidden on attempted state changes not from localhost
diff -rN -u old-fenserve/Main.hs new-fenserve/Main.hs
--- old-fenserve/Main.hs	2007-03-25 20:04:31.000000000 +0300
+++ new-fenserve/Main.hs	2007-03-25 20:04:31.000000000 +0300
@@ -46,9 +46,11 @@
 fenserveHandler = Handle $ \req -> do
     state <- get; rq <- getEvent
     let (result, state') = runFenServe (handleRequest rq) state
-    when (not $ rqMethod req `elem` [GET,HEAD]) $ 
-        when (isLocalhost req) $ put state'
-    respond $ return result
+    if rqMethod req `elem` [GET,HEAD] then respond $ return result
+        else if isLocalhost req then do put state'; respond $ return result
+        else if state == state' then respond $ return result
+        else respond $ return $ mkResult 403 "text/html" $ toUTF
+               "403 Forbidden: state changes only from localhost at this time"
 
 main :: IO ()
 main = do




More information about the Fencommits mailing list