From: Kyle J. McKay <mackyle@gmail.com>
Date: Mon, 15 Jul 2013 11:42:45 +0000 (-0700)
Subject: tagproj: Require POST method to add tags
X-Git-Url: https://repo.or.cz/w/girocco.git/commitdiff_plain/5a91caaf995785251b0f8ea2aa3b03b4f3357844

tagproj: Require POST method to add tags
---

diff --git a/cgi/tagproj.cgi b/cgi/tagproj.cgi
index 98ddbe3..c87eab4 100755
--- a/cgi/tagproj.cgi
+++ b/cgi/tagproj.cgi
@@ -17,16 +17,21 @@ my $pname = $cgi->param('p')||'';
 my $ctags = $cgi->param('t')||'';
 $pname =~ s/\.git$//;
 
+if ($cgi->request_method ne 'POST') {
+	print "<p>Invalid data. Go away, sorcerer.</p>\n";
+	exit;
+}
+
 my $proj = Girocco::Project->load($pname);
 if (not $proj) {
 	print $cgi->header(-status=>404);
-	print "Project $pname does not exist.";
+	print "<p>Project $pname does not exist.</p>";
 	exit;
 }
 
 if ($ctags =~ /[^ a-zA-Z0-9:.+#_-]/) {
 	print $cgi->header(-status=>403);
-	print "Content tag(s) '$ctags' contain evil characters.";
+	print "<p>Content tag(s) '$ctags' contain evil characters.</p>";
 	exit;
 }