Mercurial > urweb

diff src/cjr_print.sml @ 2116:ebfaab689570

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
The 2nd half of proper CSRF protection related to environment variables
author Adam Chlipala <adam@chlipala.net>
date Thu, 12 Feb 2015 15:09:26 -0500
parents a9159911c3ba
children f55b0e45422f e10881cd92da
line wrap: on
line diff
--- a/src/cjr_print.sml	Wed Feb 11 13:12:59 2015 -0500
+++ b/src/cjr_print.sml	Thu Feb 12 15:09:26 2015 -0500
@@ -3260,6 +3260,16 @@
                                                               string "))"]))
                          NONE cookies
 
+        val cookieCode = foldl (fn (evar, acc) =>
+                                   SOME (case acc of
+                                             NONE => string ("uw_unnull(uw_Basis_getenv(ctx, \""
+                                                             ^ Prim.toCString evar ^ "\"))")
+                                           | SOME acc => box [string ("uw_Basis_strcat(ctx, uw_unnull(uw_Basis_getenv(ctx, \""
+                                                                      ^ Prim.toCString evar ^ "\")), uw_Basis_strcat(ctx, \"/\", "),
+                                                              acc,
+                                                              string "))"]))
+                         cookieCode (SideCheck.readEnvVars ())
+
         fun makeChecker (name, rules : Settings.rule list) =
             box [string "static int ",
                  string name,