PR 1078 - fix YAML sessions under taint #1151

Merged
merged 3 commits into from Feb 2, 2016
1 change: 1 addition & 0 deletions Changes
Expand Up @@ -11,6 +11,7 @@ Revision history for Dancer
- Avoid test failures due to race condition in selecting a port to listen on
by using 127.0.0.10 instead (more of a hacky workaround than a fix, but
should help (bigpresh)
- Fix YAML session handler under taint mode (chrisjrob)

[DOCUMENTATION]
- Better doc for forward_for_address (PR 1146, Relequestual)
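Review bot: the added Changes entry omits the PR reference that the neighbouring documentation entry carries ("PR 1146, Relequestual"); for consistency and traceability, cite the originating PR in the same form, e.g. `- Fix YAML session handler under taint mode (PR 1078, chrisjrob)` (the PR title names 1078 as the original fix and this PR as #1151; pick whichever the project treats as canonical).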
7 changes: 6 additions & 1 deletion lib/Dancer/Session/YAML.pm
Expand Up @@ -82,7 +82,12 @@ sub retrieve {
sub yaml_file {
my $id = shift;

return path(setting('session_dir'), "$id.yml");
# Untaint Session ID before using it in file actions
# required when running under Perl Taint mode
$id =~ m/^([\d]*)$/;
my $yaml_file = "$1.yml";

return path(setting('session_dir'), $yaml_file);
}

sub destroy {
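Review bot: the untaint in `yaml_file` has no failure path, and a failed match is the dangerous case. `$id =~ m/^([\d]*)$/;` discards the match result, and when the regex does not match, `$1` is not reset: it keeps the capture from the last successful match in the enclosing scope (or is undef), so a non-numeric session ID from the client cookie silently yields a file name derived from some other ID, or `.yml` with a warning, rather than an error. Two smaller problems in the same line: `[\d]*` accepts the empty string, so an empty ID maps to `session_dir/.yml`, and `\d` on modern Perls also matches non-ASCII digits, which is not what a file-name whitelist should admit. Capture the result and fail closed, e.g. `my ($safe_id) = $id =~ m/^([0-9]+)$/ or die "Invalid session ID '$id'";` followed by `return path(setting('session_dir'), "$safe_id.yml");`. Worth a comment, too, that this check is useful outside taint mode: `$id` comes from the client, and rejecting anything but digits is what keeps `../`-style IDs out of `session_dir`. Since `retrieve`, `flush` and `destroy` all go through this helper, the whole handler now depends on Dancer session IDs being purely numeric; if the ID generator or a custom session backend can ever produce other characters, every session lookup will die here, so that assumption should be stated in the POD or the comment.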