annotate demo/cookieSec.ur @ 1869:16b08de04f05

Detect more SQL uses without 'database' directive
author Adam Chlipala <adam@chlipala.net>
date Mon, 30 Sep 2013 16:37:37 -0400
parents 731e6aa6655a
children
rev   line source
(* Client-side state: a cookie named username carrying a string.
   Nothing in this file authenticates the value; the set handler below
   stores whatever the form submits, so it is client-chosen input. *)
adamc@779 1 cookie username : string
adamc@779 2
(* Server-side state: one row per User (the primary key) with a time
   value, written by imHere and listed by main. *)
adamc@779 3 table lastVisit : { User : string, When : time }
adamc@779 4 PRIMARY KEY User
adamc@779 5
(* main: render the demo page. Shows the current cookie value, every row
   of lastVisit, a form that sets the cookie (handler: set) and a form
   that records a visit (handler: imHere). *)
adamc@779 6 fun main () =
(* userO is an option: imHere below matches it against None / Some. *)
adamc@779 7 userO <- getCookie username;
adamc@779 8
(* Build one <tr> per lastVisit row. The User column holds values that
   came from the client-set cookie.
   NOTE(review): {[...]} is Ur/Web's typed text injection and is
   understood to HTML-escape the value; that escaping is what keeps a
   hostile User string from becoming stored markup here. Confirm. *)
adamc@779 9 list <- queryX (SELECT * FROM lastVisit)
adamc@779 10 (fn r => <xml><tr><td>{[r.LastVisit.User]}</td> <td>{[r.LastVisit.When]}</td></tr></xml>);
adamc@779 11
(* The cookie value is echoed into the page through the same {[...]}
   injection, and every visitor sees the full lastVisit table. *)
adamc@779 12 return <xml><body>
adamc@779 13 Cookie: {[userO]}<br/>
adamc@779 14
adamc@779 15 <table>
adamc@779 16 <tr><th>User</th> <th>Last Visit</th></tr>
adamc@779 17 {list}
adamc@779 18 </table>
adamc@779 19
adamc@779 20 <h2>Set cookie value</h2>
adamc@779 21 <form><textbox{#User}/> <submit action={set}/></form>
adamc@779 22
adamc@779 23 <h2>Record your visit</h2>
adamc@779 24 <form><submit action={imHere}/></form>
adamc@779 25 </body></xml>
adamc@779 26
(* set: form handler. Copies the submitted User field into the username
   cookie without any validation, then re-renders main.
   NOTE(review): Secure = False leaves the cookie unrestricted to HTTPS,
   so it would also travel over plain HTTP where it can be observed or
   altered in transit. Acceptable for a local demo; use Secure = True
   when the application is served over TLS.
   Expires = None presumably yields a session cookie. Confirm. *)
adamc@779 27 and set r =
adamc@1051 28 setCookie username {Value = r.User, Expires = None, Secure = False};
adamc@779 29 main ()
adamc@779 30
(* imHere: form handler. Reads the username cookie and, if one is set,
   replaces that user's lastVisit row with the current timestamp, then
   re-renders main. With no cookie it returns a short message instead.
   This handler changes database state based only on a cookie, which is
   the request shape that CSRF targets.
   NOTE(review): Ur/Web is documented to protect such handlers with a
   signed value in the submitting form. Confirm this holds for the
   compiler version in use. *)
adamc@779 31 and imHere () =
adamc@779 32 userO <- getCookie username;
adamc@779 33 case userO of
adamc@779 34 None => return <xml>You don't have a cookie set!</xml>
adamc@779 35 | Some user =>
(* user is the client-chosen cookie value, so any client can record a
   visit under any name.
   NOTE(review): {[user]} inside the SQL is understood to be embedded as
   a typed SQL value rather than spliced into query text. Confirm.
   The row is deleted before the insert so that PRIMARY KEY User is not
   violated on a repeat visit. *)
adamc@779 36 dml (DELETE FROM lastVisit WHERE User = {[user]});
adamc@779 37 dml (INSERT INTO lastVisit (User, When) VALUES ({[user]}, CURRENT_TIMESTAMP));
adamc@779 38 main ()
adamc@779 39