/*
    Render a request variable.
    The request param called "name" is looked up first. When espGetParam returns null for it,
    the session variable of the same name is used instead, with "" as the session default.
    Output is delegated to espRenderSafeString and its result is returned.
 */
ssize espRenderVar(HttpConn *conn, cchar *name)
{
    cchar   *text;

    text = espGetParam(conn, name, 0);
    if (text == 0) {
        /* No request param by that name: fall back to the session store */
        text = httpGetSessionVar(conn, name, "");
    }
    return espRenderSafeString(conn, text);
}
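/*
    Verify the CSRF security token on a POST request.

    Requests that are not POST are accepted without a check. For a POST whose rx->securityToken
    is not yet set, the session's token is cached in rx->securityToken and compared with the
    request param of the same name. On a mismatch the request is failed with
    HTTP_CODE_NOT_ACCEPTABLE and false is returned; otherwise true is returned.

    NOTE(review): both lookups default to "", so a session that holds no token matches a request
    that carries none. Confirm that a session token is always established before this check is
    relied on.
    NOTE(review): when rx->securityToken is already set on entry, no comparison is made at all.
    NOTE(review): only POST is examined here; any other state-changing method passes unchecked.
 */
bool espCheckSecurityToken(HttpConn *conn)
{
    HttpRx  *rx;
    cchar   *securityToken, *sessionToken;

    rx = conn->rx;
    if (!(rx->flags & HTTP_POST)) {
        return 1;
    }
    if (rx->securityToken == 0) {
        sessionToken = rx->securityToken = sclone(httpGetSessionVar(conn, ESP_SECURITY_TOKEN_NAME, ""));
        securityToken = espGetParam(conn, ESP_SECURITY_TOKEN_NAME, "");
        if (!smatch(sessionToken, securityToken)) {
            /*
                Drop the cached token again. Leaving it set would make a repeated call on this
                request see a non-null rx->securityToken, skip the comparison and report success
                for a request that has already failed the check.
             */
            rx->securityToken = 0;
            httpError(conn, HTTP_CODE_NOT_ACCEPTABLE,
                "Security token does not match. Potential CSRF attack. Denying request");
            return 0;
        }
    }
    return 1;
}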
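/*
    Emit a text entry control for "field": a <textarea> when the "rows" option is present,
    otherwise an <input> whose type is "text", "password" or "hidden" depending on the options.

    The value comes from getValue. When that is null or empty, the request param named "field"
    is used instead. That param is client-supplied, so it is HTML-escaped before it is placed
    into the markup.

    NOTE(review): the value returned by getValue, the field name, the rows/cols options and the
    output of map() are formatted into the markup as given. Confirm that getValue and map()
    escape their results, or escape at this point as well.
 */
static void textInner(HttpConn *conn, cchar *field, MprHash *options)
{
    cchar   *rows, *cols, *type, *value;

    type = "text";
    value = getValue(conn, field, options);
    if (value == 0 || *value == '\0') {
        /*
            A raw request param echoed into value='...' or into the textarea body could close
            the quote or the tag, so escape it first.
         */
        value = mprEscapeHtml(espGetParam(conn, field, ""));
    }
    if (httpGetOption(options, "password", 0)) {
        type = "password";
    } else if (httpGetOption(options, "hidden", 0)) {
        type = "hidden";
    }
    if ((rows = httpGetOption(options, "rows", 0)) != 0) {
        cols = httpGetOption(options, "cols", "60");
        espRender(conn, "<textarea name='%s' type='%s' cols='%s' rows='%s'%s>%s</textarea>",
            field, type, cols, rows, map(conn, options), value);
    } else {
        espRender(conn, "<input name='%s' type='%s' value='%s'%s />", field, type, value, map(conn, options));
    }
}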
/*
    Look up a request param by key on the stream returned by getStream.
    A default of 0 is passed to espGetParam, and its result is returned unchanged.
 */
PUBLIC cchar *param(cchar *key)
{
    cchar   *value;

    value = espGetParam(getStream(), key, 0);
    return value;
}
/*
    Read a record from "tableName" in the connection's database, keyed by the request's "id"
    param, and pass it to espSetRec. The result of espSetRec is returned.

    NOTE(review): "id" is taken from the request and handed to ediReadRec as given (NULL when
    the param is absent). Presumably ediReadRec copes with both; confirm against its
    implementation.
 */
EdiRec *espReadRec(HttpConn *conn, cchar *tableName)
{
    cchar   *id;
    EdiRec  *rec;

    id = espGetParam(conn, "id", NULL);
    rec = ediReadRec(espGetDatabase(conn), tableName, id);
    return espSetRec(conn, rec);
}
/*
    Look up a request param by key on the connection returned by getConn.
    An empty string is passed to espGetParam as the default, and its result is returned
    unchanged.
 */
PUBLIC cchar *param(cchar *key)
{
    cchar   *value;

    value = espGetParam(getConn(), key, "");
    return value;
}