improve HTTP headers; can't post with GET request

[ott/bsta] / opomba.1.pl

diff --git a/opomba.1.pl b/opomba.1.pl
index 3b2adb567abb7ecc3ee68ff521e1faa568273f43..d437ba5699f51c34a3e7fa9a691623a911082bf7 100644 (file)
--- a/opomba.1.pl
+++ b/opomba.1.pl
@@ -27,13 +27,15 @@ use Encode ('encode', 'decode');
 
 ###PERL_LIB: use lib /botm/lib/bsta
 use botm_common (
+       'HTTP_STATUS',
        'read_header_env', 'url_query_decode',
        'read_data_file', 'write_data_file',
        'html_entity_encode_dec',
        'open_encoded',
        'join_path',
        'merge_url',
-       'make_id'
+       'make_id',
+       'http_header_status'
 );
 use bsta_lib (
        'TEXT_MODE', 'STATE',
@@ -111,7 +113,7 @@ if ($ENV{'REQUEST_METHOD'} =~ /^(HEAD|GET|POST)$/) {
        $method = $1;
 }
 else {
-       exit fail_method($ENV{'REQUEST_METHOD'}, 'GET, POST, HEAD');
+       exit fail_method($ENV{'REQUEST_METHOD'}, ['GET', 'POST', 'HEAD']);
 }
 
 %http = read_header_env(\%ENV);
@@ -180,7 +182,7 @@ if ($ID ne '') {
 }
 
 unless ($frame ne '') {
-       exit output(0, '400 Bad Request', 'Frame ID not specified.');
+       exit output(0, HTTP_STATUS->{'bad_request'}, 'Frame ID not specified.');
 }
 $access = (
        $password_ok || (
@@ -189,7 +191,7 @@ $access = (
        )
 );
 unless ($access) {
-       exit output(0, '403 Forbidden', 'Not allowed to post this here now');
+       exit output(0, HTTP_STATUS->{'forbidden'}, 'Not allowed to post this here now');
 }
 
 $words_data_path = join_path(PATH_SEPARATOR(), DATA_WORDS_PATH(), $frame);
@@ -200,7 +202,7 @@ unless (open_encoded($fh, "+<:encoding(UTF-8)", $words_data_path)) {
        }
 }
 unless (flock($fh, 2)) {
-       exit output(0, '500 Internal Server Error', 'Failed locking data file.', 1);
+       exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed locking data file.', 1);
 }
 
 %words_data = read_data_file(
@@ -224,44 +226,44 @@ for (my $i=0; $i< scalar(@post_list); $i +=1) {
 if ($remove || ($ID ne '')) {
        unless ($index ne '') {
                close($fh);
-               exit output(0, '404 Not Found', $remove ? 'Nothing to remove.' : 'No such message.');
+               exit output(0, HTTP_STATUS->{'not_found'}, $remove ? 'Nothing to remove.' : 'No such message.');
        }
        unless ($cgi{'key'} eq $post_data{'key'}) {
                close($fh);
-               exit output(0, '400 Bad Request', 'Invalid request.');
+               exit output(0, HTTP_STATUS->{'bad_request'}, 'Invalid request.');
        }
 }
 if ($remove) {
-       if ($cgi{'i'} eq '') { # followed a link, not confirmed yet
+       unless (($method eq 'POST') && ($cgi{'i'} ne '')) { # followed a link, not confirmed yet
                close($fh);
                exit output(0, '', '', 1);
        }
 }
 else {
-       unless ($post) { # followed a link, not confirmed yet
+       unless (($method eq 'POST') && $post) { # followed a link, not confirmed yet
                close($fh);
                exit output(0, '', '', 1);
        }
 }
 if (!$remove) {
        unless ($cgi{'words'} ne '') {
-               exit output(0, '400 Bad Request', 'Where are your words?', 1);
+               exit output(0, HTTP_STATUS->{'bad_request'}, 'Where are your words?', 1);
        }
 }
 unless ($cgi{'username'} ne '') {
        close($fh);
-       exit output(0, '400 Bad Request', 'Missing user name.', 1);
+       exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing user name.', 1);
 }
 if ($remove || ($ID ne '')) {
        unless ($cgi{'username'} eq $post_data{'name'}) {
                close($fh);
-               exit output(0, '403 Forbidden', 'Wrong user name.', 1);
+               exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong user name.', 1);
        }
 }
 if ($remove || ($ID ne '')) {
                unless ($cgi{'password'} ne '') {
                close($fh);
-               exit output(0, '400 Bad Request', 'Missing password.', 1);
+               exit output(0, HTTP_STATUS->{'bad_request'}, 'Missing password.', 1);
        }
        unless (
                ($cgi{'password'} eq $post_data{'password'}) || (
@@ -270,7 +272,7 @@ if ($remove || ($ID ne '')) {
                )
        ) {
                close($fh);
-               exit output(0, '403 Forbidden', 'Wrong password.', 1);
+               exit output(0, HTTP_STATUS->{'forbidden'}, 'Wrong password.', 1);
        }
        if ($password_ok) {
                $cgi{'password'} = $post_data{'password'};
@@ -315,7 +317,7 @@ if ($remove) {
        );
        unless ($r) {
                close($fh);
-               exit output(0, '500 Internal Server Error', 'Failed writing data file.');
+               exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.');
        }
        
        close ($fh);
@@ -385,7 +387,7 @@ $post_data{'content'} = $cgi{'words'};
 $r = write_data_file($post_data_path, \%post_data);
 unless ($r) {
        close($fh);
-       exit output(0, '500 Internal Server Error', 'Failed writing post file.', 1, 0);
+       exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing post file.', 1, 0);
 }
 
 $r = write_data_file(
@@ -398,7 +400,7 @@ $r = write_data_file(
 );
 unless ($r) {
        close($fh);
-       exit output(0, '500 Internal Server Error', 'Failed writing data file.', 1, 0);
+       exit output(0, HTTP_STATUS->{'internal_server_error'}, 'Failed writing data file.', 1, 0);
 }
 
 close($fh);
@@ -438,14 +440,13 @@ sub output {
                }
        );
        if ($done) {
-               return redirect ($method, $return_url, 303);
+               return redirect($method, $return_url, HTTP_STATUS->{'see_other'});
        }
        
-       print "Content-type: text/html; charset=UTF-8\n";
        if ($status ne '') {
-               print 'Status: '.$status."\n";
+               print http_header_status($status);
        }
-       print "\n";
+       print "Content-type: text/html; charset=UTF-8\n\n";
        if ($method eq 'HEAD') {
                return;
        }