From 55ba59de02e05b53a3839bc7f2df79338babfe82 Mon Sep 17 00:00:00 2001 From: Uli Schlachter Date: Sun, 8 May 2011 22:19:51 +0200 Subject: [PATCH] WebModules: Add some more debug output This now prints more info in case of errors which might help figure out bugs. Signed-off-by: Uli Schlachter --- WebModules.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/WebModules.cpp b/WebModules.cpp index 6f903210..60e08431 100644 --- a/WebModules.cpp +++ b/WebModules.cpp @@ -534,6 +534,8 @@ void CWebSock::OnPageRequest(const CString& sURI) { CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CString& sPageRet) { if (CZNC::Get().GetProtectWebSessions() && GetSession()->GetIP() != GetRemoteIP()) { + DEBUG("Expected IP: " << GetSession()->GetIP()); + DEBUG("Remote IP: " << GetRemoteIP()); PrintErrorPage(403, "Access denied", "This session does not belong to your IP."); return PAGE_DONE; } @@ -543,6 +545,8 @@ CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CS // CSRF against the login form makes no sense and the login form does a // cookies-enabled check which would break otherwise. if (IsPost() && GetParam("_CSRF_Check") != GetCSRFCheck() && sURI != "/login") { + DEBUG("Expected _CSRF_Check: " << GetCSRFCheck()); + DEBUG("Actual _CSRF_Check: " << GetParam("_CSRF_Check")); PrintErrorPage(403, "Access denied", "POST requests need to send " "a secret token to prevent cross-site request forgery attacks."); return PAGE_DONE; @@ -724,6 +728,7 @@ CSmartPtr CWebSock::GetSession() { if (Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions) { mIPSessionsIterator it = Sessions.m_mIPSessions.find(GetRemoteIP()); + DEBUG("Remote IP: " << GetRemoteIP() << "; discarding session [" << it->second->GetId() << "]"); Sessions.m_mIPSessions.erase(it); }