Example #1
/*
    Emit the value of a request variable to the client. Request parameters are consulted first; when no
    parameter called "name" exists, the session variable of the same name is used, defaulting to "".
    The value is written with espRenderSafeString rather than a raw render call.
    NOTE(review): the value can originate from the request, so the output path must HTML-escape it.
    espRenderSafeString is presumably that escaper -- confirm against its definition.
 */
ssize espRenderVar(HttpConn *conn, cchar *name)
{
    cchar   *text;

    text = espGetParam(conn, name, 0);
    if (text == 0) {
        /* No request parameter of this name: fall back to the session store */
        text = httpGetSessionVar(conn, name, "");
    }
    return espRenderSafeString(conn, text);
}
Example #2
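/*
    Verify the anti-CSRF token on a POST request. The token stored in the session under
    ESP_SECURITY_TOKEN_NAME is compared with the request parameter of the same name. Requests that
    are not POSTs are accepted without a check. Returns 1 when the request may proceed. On a mismatch,
    raises HTTP_CODE_NOT_ACCEPTABLE on the connection and returns 0.

    The session token is cached in rx->securityToken only after it has matched. A second call on a
    request that already failed therefore re-runs the comparison instead of reporting success.

    NOTE(review): both lookups default to "", so a request with no token in the session and no token
    parameter compares equal and is accepted. Confirm that a session token is always issued before
    any POST this check guards.
    NOTE(review): only HTTP_POST is tested; other state-changing methods are not covered here.
 */
bool espCheckSecurityToken(HttpConn *conn)
{
    HttpRx  *rx;
    char    *sessionToken;
    cchar   *securityToken;

    rx = conn->rx;
    if (!(rx->flags & HTTP_POST)) {
        return 1;
    }
    if (rx->securityToken == 0) {
        sessionToken = sclone(httpGetSessionVar(conn, ESP_SECURITY_TOKEN_NAME, ""));
#if UNUSED && KEEP
        securityTokenName = espGetParam(conn, "SecurityTokenName", "");
#endif
        securityToken = espGetParam(conn, ESP_SECURITY_TOKEN_NAME, "");
        if (!smatch(sessionToken, securityToken)) {
            httpError(conn, HTTP_CODE_NOT_ACCEPTABLE,
                "Security token does not match. Potential CSRF attack. Denying request");
            return 0;
        }
        /* Remember the token only once verified, so the cache never stands in for a failed check */
        rx->securityToken = sessionToken;
    }
    return 1;
}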
Example #3
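/*
    Render a text-style input control for "field": a <textarea> when the "rows" option is present,
    otherwise an <input> whose type is "password", "hidden" or "text" according to the options.
    The value comes from getValue. When that is null or empty, the request parameter named "field"
    is used instead.

    The request parameter is client-controlled and is written into a single-quoted attribute (or the
    textarea body), so it is HTML-escaped with mprEscapeHtml before rendering.
    NOTE(review): values returned by getValue are emitted as-is, on the assumption that getValue
    escapes them -- confirm against its definition. "field" and the option values are also emitted
    unescaped and must not be derived from request data.
 */
static void textInner(HttpConn *conn, cchar *field, MprHash *options)
{
    cchar   *rows, *cols, *type, *value;

    type = "text";
    value = getValue(conn, field, options);
    if (value == 0 || *value == '\0') {
        /* Echoing a raw request parameter into markup: escape it so it cannot close the attribute or tag */
        value = mprEscapeHtml(espGetParam(conn, field, ""));
    }
    if (httpGetOption(options, "password", 0)) {
        type = "password";
    } else if (httpGetOption(options, "hidden", 0)) {
        type = "hidden";
    }
    if ((rows = httpGetOption(options, "rows", 0)) != 0) {
        cols = httpGetOption(options, "cols", "60");
        espRender(conn, "<textarea name='%s' type='%s' cols='%s' rows='%s'%s>%s</textarea>", field, type,
            cols, rows, map(conn, options), value);
    } else {
        espRender(conn, "<input name='%s' type='%s' value='%s'%s />", field, type, value, map(conn, options));
    }
}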
Example #4
/*
    Short-form accessor: look up request parameter "key" on the stream returned by getStream().
    The default passed to espGetParam is 0, so the result is presumably null when the parameter is
    absent -- callers should test for that. The value is raw request data and is not escaped here.
 */
PUBLIC cchar *param(cchar *key)
{
    cchar   *value;

    value = espGetParam(getStream(), key, 0);
    return value;
}
Example #5
/*
    Read one record from "tableName" in the connection's database, keyed by the request's "id"
    parameter, and pass the result to espSetRec, whose return value is returned.
    NOTE(review): the key is taken straight from the request (NULL default when absent), and no
    ownership or authorization check is visible here. Callers presumably enforce access to the
    selected record -- confirm.
 */
EdiRec *espReadRec(HttpConn *conn, cchar *tableName)
{
    cchar   *id;

    id = espGetParam(conn, "id", NULL);
    return espSetRec(conn, ediReadRec(espGetDatabase(conn), tableName, id));
}
Example #6
/*
    Short-form accessor: look up request parameter "key" on the connection returned by getConn().
    The default passed to espGetParam is "", so an absent parameter presumably yields an empty
    string rather than null. The value is raw request data and is not escaped here.
 */
PUBLIC cchar *param(cchar *key)
{
    cchar   *value;

    value = espGetParam(getConn(), key, "");
    return value;
}