From 0604db43441db0e370f9991f804514a53447a081 Mon Sep 17 00:00:00 2001
From: Astro
Date: Tue, 13 Dec 2011 19:28:42 +0100
Subject: [PATCH] nedap server: token validation for gif uploads too

---
 nedap/server.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nedap/server.js b/nedap/server.js
index 69ab4ec..97a96c6 100644
--- a/nedap/server.js
+++ b/nedap/server.js
@@ -95,6 +95,9 @@ function nedap(app) {
 form.c('p').t(question);
 form.c('input', { type: 'file', name: 'gif' });
 form.c('input', { type: 'submit', value: "Submit" });
+ form.c('input', { type: 'hidden', name: 'token', value: Token.generate() });
 form.c('p').t("Max file size: 2 MB");
 res.write(html(form.toString()));
 res.end();
@@ -138,6 +141,11 @@ function nedap(app) {
 app.post('/i', function(req, res) {
 if (req.files.gif) {
+ if (!Token.validate(req.body.token)) {
+ res.writeHead(200, { 'Content-type': MIME_HTML });
+ res.end("Cheater!");
+ return;
+ }
 /* pass to frontend */
 var gif = req.files.gif;
 var path = gif.path + "." + mime.extension(gif.type);
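Review bot: On the rejection path added in the second hunk the uploaded temp file is never removed — `req.files.gif` has already been parsed and written to disk by the time `Token.validate` runs, so a request with a bad or missing token still costs the full upload and leaves `gif.path` behind (unless the body parser cleans up its temp files itself, which is not visible here). I would unlink it before answering, e.g. `fs.unlink(req.files.gif.path, function () {});` ahead of `res.writeHead` (if `fs` is required in this module), and send `403` rather than `200` so the refusal is distinguishable from a successful post to clients and logs. Whether `Token.validate` rejects an absent `req.body.token` (a client that omits the hidden field) and whether a token is consumed on use cannot be seen from this hunk; if both hold, a comment at the call site such as `// token is single-use; a missing or unknown token is rejected` would save the next reader the lookup. The `app.post('/i', …)` handler continues past the end of the hunk.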