X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;ds=sidebyside;f=src%2Forg%2Fcacert%2Fgigi%2Foutput%2FForm.java;h=69fb22878e3fa6a76b8944e8c0d586c62717d870;hb=2931145000af1e49fd175cd17297a87ede22742f;hp=b86b6dcb7ea62d5f9301ee87b177eb2b3aa58339;hpb=70ac38c2e844e293d9815b8703341b94b029977a;p=gigi.git

diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index b86b6dcb..69fb2287 100644
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -22,12 +22,12 @@ public abstract class Form implements Outputable {
 			Map<String, Object> vars) {
 		out.println("<form method='POST' autocomplete='off'>");
 		outputContent(out, l, vars);
-		out.println("<input type='csrf' value='");
+		out.print("<input type='csrf' value='");
 		out.print(getCSRFToken());
 		out.println("'></form>");
 	}
 
-	public abstract void outputContent(PrintWriter out, Language l,
+	protected abstract void outputContent(PrintWriter out, Language l,
 			Map<String, Object> vars);
 
 	protected void outputError(PrintWriter out, ServletRequest req, String text) {
@@ -36,8 +36,16 @@ public abstract class Form implements Outputable {
 		out.println("</div>");
 	}
 
-	public String getCSRFToken() {
+	protected String getCSRFToken() {
 		return csrf;
 	}
+	protected void checkCSRF(HttpServletRequest req) {
+		if (!csrf.equals(req.getParameter("csrf"))) {
+			throw new CSRFError();
+		}
+	}
+
+	public class CSRFError extends Error {
 
+	}
 }