
Diff of /rpms/perl-CGI-FormMagick/sme10/perl-CGI-FormMagick-0.93-bz10902-csrf-timeout.patch


Revision 1.1 by jpp, Sat Mar 6 06:06:15 2021 UTC Revision 1.2 by jpp, Sat Mar 6 20:14:51 2021 UTC
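--- a/lib/CGI/FormMagick/Events.pm
+++ b/lib/CGI/FormMagick/Events.pm
@@ -83,8 +83,7 @@
         $self->debug_msg("Request method should be POST.")  unless (($self->{cgi}->request_method || '') eq 'POST') ;
         return unless (($self->{cgi}->request_method || '') eq 'POST');
         if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
-           or $self->{cgi}->param('csrf_timestamp') + 120  < time ) ) {
-           # only 3 min to validate form
+           or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'}  < time ) ) {
            $self->debug_msg("SRF protection blocked request");
             warn "CSRF protection blocked request\n";
             return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
@@ -146,8 +145,7 @@
     $self->debug_msg("Request method should be POST.")  unless (($self->{cgi}->request_method || '') eq 'POST') ;
     return unless (($self->{cgi}->request_method || '') eq 'POST');
     if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
-       or $self->{cgi}->param('csrf_timestamp') + 120  < time ) ) {
-        # only 3 min to validate form
+       or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'}  < time ) ) {
         $self->debug_msg("SRF protection blocked request");
         warn "CSRF protection blocked request\n";
         return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));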
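Review bot: The expiry clause in both hunks (`-83` and `-146`) still does arithmetic on `param('csrf_timestamp')` without checking that it is a number or that it is not later than `time`. If that parameter comes from the submitted form rather than from server-side session state, which these hunks do not show, a timestamp set in the future keeps the check passing for as long as the token matches, so the configurable window would add nothing. I would read the value once into `$ts` and extend the condition to `or $ts !~ /\A\d+\z/ or $ts > time or $ts + $self->{csrfdelay} < time`. Both enclosing subs begin and end outside the hunks.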
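--- a/lib/CGI/FormMagick.pm
+++ b/lib/CGI/FormMagick.pm
@@ -183,6 +183,7 @@
     $self->{cgi}        = $args{cgi};
     $self->{debug}      = $args{debug}      || 0;
     $self->{csrf}       = $args{csrf} || 0;
+    $self->{csrfdelay}       = $args{csrfdelay} || 180;
 
     if ($self->{cgi}) {
         if ($args{sessiondir}) {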
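Review bot: `$args{csrfdelay} || 180` accepts any true value, so the window is whatever the caller passes: a negative or non-numeric value makes the expiry test in Events.pm reject practically every POST, and a very large one effectively turns expiry off. I would accept only a positive integer and fall back to the default otherwise, `$self->{csrfdelay} = ($args{csrfdelay} || '') =~ /\A[1-9]\d*\z/ ? $args{csrfdelay} : 180;`. The constructor's POD should also gain a sentence saying that `csrfdelay` is in seconds and defaults to 180, since the previously hard-coded value was 120. The constructor starts and ends outside the hunk.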

