From 1ea383a0e73f63d142d3539d984c9e2f4b7f0076 Mon Sep 17 00:00:00 2001
From: Adam Chlipala <adam@chlipala.net>
Date: Thu, 12 Feb 2015 15:09:26 -0500
Subject: The 2nd half of proper CSRF protection related to environment
 variables

---
 src/cjr_print.sml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'src/cjr_print.sml')

diff --git a/src/cjr_print.sml b/src/cjr_print.sml
index 0867f001..b3b12fe8 100644
--- a/src/cjr_print.sml
+++ b/src/cjr_print.sml
@@ -3260,6 +3260,16 @@ fun p_file env (ds, ps) =
                                                               string "))"]))
                          NONE cookies
 
+        val cookieCode = foldl (fn (evar, acc) =>
+                                   SOME (case acc of
+                                             NONE => string ("uw_unnull(uw_Basis_getenv(ctx, \""
+                                                             ^ Prim.toCString evar ^ "\"))")
+                                           | SOME acc => box [string ("uw_Basis_strcat(ctx, uw_unnull(uw_Basis_getenv(ctx, \""
+                                                                      ^ Prim.toCString evar ^ "\")), uw_Basis_strcat(ctx, \"/\", "),
+                                                              acc,
+                                                              string "))"]))
+                         cookieCode (SideCheck.readEnvVars ())
+
         fun makeChecker (name, rules : Settings.rule list) =
             box [string "static int ",
                  string name,
-- 
cgit v1.2.3