mason/pastebin/, static/odin.css: Cope if client doesn't send cookies.

Previously the edit key would just get lost.  Instead, detect the
situation and show a page with a fierce warning: because we can't hide
the edit key anywhere other than the actual page URL, the link is unsafe
to share, so it's important to make it obvious which link is safe.

diff --git a/mason/pastebin/%show b/mason/pastebin/%show
index b8dc069..7668de7 100644 (file)
--- a/mason/pastebin/%show
+++ b/mason/pastebin/%show
@@ -2,11 +2,22 @@
        title => Odin::escapify($m, $title) . " (odin.gg Paste Bin)" &>
 <h1><tt>odin.gg</tt> Paste Bin: <% $title %></h1>
 <div class="menu">
-  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?op=raw" %>">Raw</a></span>
+  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?op=raw" |h %>">Raw</a></span>
 % if (defined $edit) {
-  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?edit=$edit" %>">Edit</a></span>
+  <span class="item"><a href="<% "$Odin::PASTEBIN/$tag?edit=$edit" |h %>">Edit</a></span>
 % }
 </div>
+% if (defined $honc) {
+<div class="note">
+<p>Your browser doesn't appear to be accepting my cookies.
+<p>Don't share the link to this page with other people.  <b>If you do,
+  they'll be able to edit this paste just as you can</b>, using the
+  <b>Edit</b> link at the top of the page.
+<p>Instead, share this link:
+  <a href="<% "$Odin::PASTEBIN/$tag" |h %>"><%
+    "$Odin::PASTEBIN/$tag" |h %></a>
+</div>
+% }
 <pre class="paste">
 % if ($lang eq 'txt') {
 <% $content |h %>\
@@ -34,6 +45,7 @@
        $title
        $lang
        $tag
+       $honc
        $edit
 </%args>
 %#

diff --git a/mason/pastebin/dhandler b/mason/pastebin/dhandler
index 7f6ea24..85b7ef3 100644 (file)
--- a/mason/pastebin/dhandler
+++ b/mason/pastebin/dhandler
@@ -7,6 +7,13 @@
            -path => "$Odin::PASTEBIN_PATH/", %attr;
        }
 
+       sub hasuff ($) {
+         my ($edit) = @_;
+         return $Odin::COOKIE{"odin-cookie-probe"} ? "" : "?honc=$edit";
+       }
+
+       Odin::bake_cookie $r, "odin-cookie-probe=t";
+
        my %props = (
          lang => $lang, title => $title,
          content => Odin::tidy_pastebin_content $content
@@ -22,7 +29,8 @@
              $m->print($old{content});
            } else {
              $edit = $Odin::COOKIE{"odin-handoff.$tag"};
-             $m->comp("%show", tag => $tag, edit => $edit, %old);
+             $m->comp("%show", tag => $tag,
+                      honc => $honc, edit => $edit // $honc, %old);
            }
          } else {
            if ($op eq "del") {
@@ -32,14 +40,17 @@
            } else {
              set_handoff_cookie $tag, $edit;
              my $editp = Odin::update_pastebin $tag, $edit, %props;
-             if ($editp) { $m->redirect("$Odin::PASTEBIN/$tag"); }
-             else { $m->comp("%edit", tag => $tag, edit => $edit, %props); }
+             if ($editp) {
+               $m->redirect("$Odin::PASTEBIN/$tag" . hasuff $edit);
+             } else {
+               $m->comp("%edit", tag => $tag, edit => $edit, %props);
+             }
            }
          }
        } elsif (defined $content) {
          ($tag, $edit) = Odin::new_pastebin %props;
          set_handoff_cookie $tag, $edit;
-         $m->redirect("$Odin::PASTEBIN/$tag");
+         $m->redirect("$Odin::PASTEBIN/$tag" . hasuff $edit);
        } else {
          Odin::path_info($r) =~ m:/$:
            or $m->redirect("$Odin::PASTEBIN/", 301);
@@ -52,6 +63,7 @@
        $edit => undef
        $lang => undef
        $title => undef
+       $honc => undef
        $op => "edit"
 </%args>
 %#

diff --git a/static/odin.css b/static/odin.css
index 80e23fc..6408dd6 100644 (file)
--- a/static/odin.css
+++ b/static/odin.css
@@ -38,3 +38,9 @@ input#title { min-width: 24em; }
 
 div.pastebin { float: left; }
 div.paste-widgets { text-align: center; margin: 1ex; }
+
+div.note {
+       border: solid red;
+       padding: 1ex;
+       margin: 2ex;
+}