Mercurial > urweb
annotate tests/cookieJsec.ur @ 2297:6d56080f495c
Fix a read-after-free bug using a timestamp check
author | Adam Chlipala <adam@chlipala.net> |
---|---|
date | Thu, 19 Nov 2015 13:18:58 -0500 |
parents | 796e42c93c48 |
children |
rev | line source |
---|---|
adamc@736 | 1 table t : {Id : int} |
adamc@736 | 2 |
adamc@736 | 3 cookie c : int |
adamc@736 | 4 |
adamc@736 | 5 fun setter r = |
adamc@736 | 6 setCookie c (readError r.Id); |
adamc@736 | 7 return <xml>Done</xml> |
adamc@736 | 8 |
adamc@736 | 9 fun writer () = |
adamc@736 | 10 ido <- getCookie c; |
adamc@736 | 11 case ido of |
adamc@736 | 12 None => error <xml>No cookie</xml> |
adamc@736 | 13 | Some id => dml (INSERT INTO t (Id) VALUES ({[id]})) |
adamc@736 | 14 |
adamc@736 | 15 fun preWriter () = return <xml><body onload={onConnectFail (alert "RPC error")}> |
adamc@736 | 16 <button onclick={writer ()} value="Write to database"/> |
adamc@736 | 17 |
adamc@736 | 18 <a link={main ()}>Back</a> |
adamc@736 | 19 </body></xml> |
adamc@736 | 20 |
adamc@736 | 21 and main () = return <xml><body> |
adamc@736 | 22 <form> |
adamc@736 | 23 <textbox{#Id}/> <submit value="Get cookie" action={setter}/> |
adamc@736 | 24 </form> |
adamc@736 | 25 |
adamc@736 | 26 <form><submit action={preWriter} value="Prepare to write to database"/></form> |
adamc@736 | 27 </body></xml> |