From 5a91caaf995785251b0f8ea2aa3b03b4f3357844 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Mon, 15 Jul 2013 04:42:45 -0700
Subject: [PATCH] tagproj: Require POST method to add tags

---
 cgi/tagproj.cgi | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/cgi/tagproj.cgi b/cgi/tagproj.cgi
index 98ddbe3..c87eab4 100755
--- a/cgi/tagproj.cgi
+++ b/cgi/tagproj.cgi
@@ -17,16 +17,21 @@ my $pname = $cgi->param('p')||'';
 my $ctags = $cgi->param('t')||'';
 $pname =~ s/\.git$//;
 
+if ($cgi->request_method ne 'POST') {
+	print "<p>Invalid data. Go away, sorcerer.</p>\n";
+	exit;
+}
+
 my $proj = Girocco::Project->load($pname);
 if (not $proj) {
 	print $cgi->header(-status=>404);
-	print "Project $pname does not exist.";
+	print "<p>Project $pname does not exist.</p>";
 	exit;
 }
 
 if ($ctags =~ /[^ a-zA-Z0-9:.+#_-]/) {
 	print $cgi->header(-status=>403);
-	print "Content tag(s) '$ctags' contain evil characters.";
+	print "<p>Content tag(s) '$ctags' contain evil characters.</p>";
 	exit;
 }
 
-- 
2.11.4.GIT