From 46f92c0749a294adee25828a8a3f8b4ec8da42c3 Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Tue, 16 Jul 2024 17:19:54 -0500
Subject: [PATCH] Improve double-upload detection

Goes with pgwui_core commit 6fc47ce73d.
---
 src/pgwui_common/templates/auth_base.mak  | 4 ++++
 src/pgwui_common/templates/auth_parts.mak | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/src/pgwui_common/templates/auth_base.mak b/src/pgwui_common/templates/auth_base.mak
index 867675d..9f40a8c 100644
--- a/src/pgwui_common/templates/auth_base.mak
+++ b/src/pgwui_common/templates/auth_base.mak
@@ -36,6 +36,10 @@
     For use with upload_form:
     csrf_token  Token for detecting CSRF.
     report_success  Boolean. Whether to tell the user the db was changed.
+    db_changed  Boolean.  Whether the previous upload changed db content.
+                Different from report_success because "previous upload"
+                ignores session expiration.  (Unlike report_success,
+                db_changed is a form variable, not a session variable.)
     session_expired  Boolean.  Whether the session has expired.
     last_key     Token to detect duplicate uploads.
     db
diff --git a/src/pgwui_common/templates/auth_parts.mak b/src/pgwui_common/templates/auth_parts.mak
index 12d77ab..ba315dc 100644
--- a/src/pgwui_common/templates/auth_parts.mak
+++ b/src/pgwui_common/templates/auth_parts.mak
@@ -37,6 +37,14 @@
            name="csrf_token"
            value="${csrf_token}"
            />
+    % if db_changed is not None:
+    <%doc>This is a hack.  It should be fixed so that only double-upload
+    detecting forms unconditionally generate this element.</%doc>
+    <input type="hidden"
+           name="db_changed"
+           value="${db_changed}"
+           />
+    % endif
 </%def>
 
 <%def name="user_row(tabindex, havecreds, user)">
-- 
2.34.1