annotate tests/cookieSec.ur @ 2297:6d56080f495c

Fix a read-after-free bug using a timestamp check
author Adam Chlipala <adam@chlipala.net>
date Thu, 19 Nov 2015 13:18:58 -0500
parents f2a2be93331c
children
rev   line source
adamc@734  1 table t : {Id : int}
adamc@734  2
adamc@734  3 cookie c : int
adamc@734  4
adamc@734  5 fun setter r =
adamc@734  6     setCookie c (readError r.Id);
adamc@734  7     return <xml>Done</xml>
adamc@734  8
adamc@734  9 fun writer () =
adamc@734 10     ido <- getCookie c;
adamc@734 11     case ido of
adamc@734 12         None => error <xml>No cookie</xml>
adamc@734 13       | Some id => dml (INSERT INTO t (Id) VALUES ({[id]}));
adamc@734 14     return <xml>Done</xml>
adamc@734 15
adamc@734 16 fun main () = return <xml><body>
adamc@734 17   <form>
adamc@734 18     <textbox{#Id}/> <submit value="Get cookie" action={setter}/>
adamc@734 19   </form>
adamc@734 20
adamc@734 21   <form>
adamc@734 22     <submit value="Write to database" action={writer}/>
adamc@734 23   </form>
adamc@734 24 </body></xml>