6 files changed, 36 insertions, 7 deletions

diff --git a/vendor/github.com/gorilla/csrf/README.md b/vendor/github.com/gorilla/csrf/README.md
index 02e4f42..9bcf3f8 100644
--- a/vendor/github.com/gorilla/csrf/README.md
+++ b/vendor/github.com/gorilla/csrf/README.md
@@ -89,7 +89,7 @@ func main() {
 func ShowSignupForm(w http.ResponseWriter, r *http.Request) {
     // signup_form.tmpl just needs a {{ .csrfField }} template tag for
     // csrf.TemplateField to inject the CSRF token into. Easy!
-    t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{
+    t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
         csrf.TemplateTag: csrf.TemplateField(r),
     })
     // We could also retrieve the token directly from csrf.Token(r) and
diff --git a/vendor/github.com/gorilla/csrf/csrf.go b/vendor/github.com/gorilla/csrf/csrf.go
index b4b0439..58ffd5b 100644
--- a/vendor/github.com/gorilla/csrf/csrf.go
+++ b/vendor/github.com/gorilla/csrf/csrf.go
@@ -110,7 +110,7 @@ type options struct {
 //	func GetSignupForm(w http.ResponseWriter, r *http.Request) {
 //		// signup_form.tmpl just needs a {{ .csrfField }} template tag for
 //		// csrf.TemplateField to inject the CSRF token into. Easy!
-//		t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{
+//		t.ExecuteTemplate(w, "signup_form.tmpl", map[string]interface{}{
 //			csrf.TemplateTag: csrf.TemplateField(r),
 //		})
 //		// We could also retrieve the token directly from csrf.Token(r) and
diff --git a/vendor/github.com/gorilla/mux/doc.go b/vendor/github.com/gorilla/mux/doc.go
index 291ef5e..e9573dd 100644
--- a/vendor/github.com/gorilla/mux/doc.go
+++ b/vendor/github.com/gorilla/mux/doc.go
@@ -47,6 +47,10 @@ variable will be anything until the next slash. For example:
 	r.HandleFunc("/articles/{category}/", ArticlesCategoryHandler)
 	r.HandleFunc("/articles/{category}/{id:[0-9]+}", ArticleHandler)
 
+Groups can be used inside patterns, as long as they are non-capturing (?:re). For example:
+
+	r.HandleFunc("/articles/{category}/{sort:(?:asc|desc|new)}", ArticlesCategoryHandler)
+
 The names are used to create a map of route variables which can be retrieved
 calling mux.Vars():
 
diff --git a/vendor/github.com/gorilla/securecookie/securecookie.go b/vendor/github.com/gorilla/securecookie/securecookie.go
index 83dd606..cd4e097 100644
--- a/vendor/github.com/gorilla/securecookie/securecookie.go
+++ b/vendor/github.com/gorilla/securecookie/securecookie.go
@@ -102,6 +102,7 @@ var (
 	errTimestampExpired     = cookieError{typ: decodeError, msg: "expired timestamp"}
 	errDecryptionFailed     = cookieError{typ: decodeError, msg: "the value could not be decrypted"}
 	errValueNotByte         = cookieError{typ: decodeError, msg: "value not a []byte."}
+	errValueNotBytePtr      = cookieError{typ: decodeError, msg: "value not a pointer to []byte."}
 
 	// ErrMacInvalid indicates that cookie decoding failed because the HMAC
 	// could not be extracted and verified.  Direct use of this error
@@ -474,12 +475,11 @@ func (e NopEncoder) Serialize(src interface{}) ([]byte, error) {
 
 // Deserialize passes a []byte through as-is.
 func (e NopEncoder) Deserialize(src []byte, dst interface{}) error {
-	if _, ok := dst.([]byte); ok {
-		dst = src
+	if dat, ok := dst.(*[]byte); ok {
+		*dat = src
 		return nil
 	}
-
-	return errValueNotByte
+	return errValueNotBytePtr
 }
 
 // Encoding -------------------------------------------------------------------
diff --git a/vendor/github.com/gorilla/sessions/README.md b/vendor/github.com/gorilla/sessions/README.md
index 12f6118..65e5e1b 100644
--- a/vendor/github.com/gorilla/sessions/README.md
+++ b/vendor/github.com/gorilla/sessions/README.md
@@ -64,7 +64,7 @@ Other implementations of the `sessions.Store` interface:
 * [github.com/srinathgs/couchbasestore](https://github.com/srinathgs/couchbasestore) - Couchbase
 * [github.com/denizeren/dynamostore](https://github.com/denizeren/dynamostore) - Dynamodb on AWS
 * [github.com/bradleypeabody/gorilla-sessions-memcache](https://github.com/bradleypeabody/gorilla-sessions-memcache) - Memcache
-* [github.com/dsoprea/goappenginesessioncascade](https://github.com/dsoprea/goappenginesessioncascade) - Memcache/Datastore/Context in AppEngine
+* [github.com/dsoprea/go-appengine-sessioncascade](https://github.com/dsoprea/go-appengine-sessioncascade) - Memcache/Datastore/Context in AppEngine
 * [github.com/kidstuff/mongostore](https://github.com/kidstuff/mongostore) - MongoDB
 * [github.com/srinathgs/mysqlstore](https://github.com/srinathgs/mysqlstore) - MySQL
 * [github.com/antonlindstrom/pgstore](https://github.com/antonlindstrom/pgstore) - PostgreSQL
diff --git a/vendor/github.com/gorilla/sessions/store.go b/vendor/github.com/gorilla/sessions/store.go
index ba3b9e9..4ff6b6c 100644
--- a/vendor/github.com/gorilla/sessions/store.go
+++ b/vendor/github.com/gorilla/sessions/store.go
@@ -205,8 +205,22 @@ func (s *FilesystemStore) New(r *http.Request, name string) (*Session, error) {
 }
 
 // Save adds a single session to the response.
+//
+// If the Options.MaxAge of the session is <= 0 then the session file will be
+// deleted from the store path. With this process it enforces the properly
+// session cookie handling so no need to trust in the cookie management in the
+// web browser.
 func (s *FilesystemStore) Save(r *http.Request, w http.ResponseWriter,
 	session *Session) error {
+	// Delete if max-age is <= 0
+	if session.Options.MaxAge <= 0 {
+		if err := s.erase(session); err != nil {
+			return err
+		}
+		http.SetCookie(w, NewCookie(session.Name(), "", session.Options))
+		return nil
+	}
+
 	if session.ID == "" {
 		// Because the ID is used in the filename, encode it to
 		// use alphanumeric characters only.
@@ -268,3 +282,14 @@ func (s *FilesystemStore) load(session *Session) error {
 	}
 	return nil
 }
+
+// delete session file
+func (s *FilesystemStore) erase(session *Session) error {
+	filename := filepath.Join(s.path, "session_"+session.ID)
+
+	fileMutex.RLock()
+	defer fileMutex.RUnlock()
+
+	err := os.Remove(filename)
+	return err
+}