/[smeserver]/rpms/perl-CGI-FormMagick/sme10/perl-CGI-FormMagick-0.93-bz10902-csrf-timeout.patch
ViewVC logotype

Annotation of /rpms/perl-CGI-FormMagick/sme10/perl-CGI-FormMagick-0.93-bz10902-csrf-timeout.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sat Mar 6 20:14:51 2021 UTC (3 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: perl-CGI-FormMagick-0_93-8_el7_sme, HEAD
Changes since 1.1: +34 -0 lines
* Sat Mar 06 2021 Jean-Philipe Pialasse <tests@pialasse.com> 0.93-8.sme
- increase default timeout, allow setting from outside [SME: 10902]

1 jpp 1.2 diff -Nur --no-dereference perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick/Events.pm perl-CGI-FormMagick-0.93/lib/CGI/FormMagick/Events.pm
2     --- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick/Events.pm 2021-03-06 01:02:20.026000000 -0500
3     +++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick/Events.pm 2021-03-06 15:12:29.451000000 -0500
4     @@ -83,8 +83,7 @@
5     $self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
6     return unless (($self->{cgi}->request_method || '') eq 'POST');
7     if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
8     - or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
9     - # only 3 min to validate form
10     + or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'} < time ) ) {
11     $self->debug_msg("SRF protection blocked request");
12     warn "CSRF protection blocked request\n";
13     return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
14     @@ -146,8 +145,7 @@
15     $self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
16     return unless (($self->{cgi}->request_method || '') eq 'POST');
17     if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
18     - or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
19     - # only 3 min to validate form
20     + or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'} < time ) ) {
21     $self->debug_msg("SRF protection blocked request");
22     warn "CSRF protection blocked request\n";
23     return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
24     diff -Nur --no-dereference perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick.pm perl-CGI-FormMagick-0.93/lib/CGI/FormMagick.pm
25     --- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick.pm 2021-03-06 01:02:20.026000000 -0500
26     +++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick.pm 2021-03-06 15:10:37.562000000 -0500
27     @@ -183,6 +183,7 @@
28     $self->{cgi} = $args{cgi};
29     $self->{debug} = $args{debug} || 0;
30     $self->{csrf} = $args{csrf} || 0;
31     + $self->{csrfdelay} = $args{csrfdelay} || 180;
32    
33     if ($self->{cgi}) {
34     if ($args{sessiondir}) {

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed