Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Small change to formkey id

  • Loading branch information...
commit d85a967d2fc9298c37854de6d0788e3d4bdda86f 1 parent d80f65f
@pudge pudge authored
Showing with 7 additions and 2 deletions.
  1. +3 −0  CHANGES
  2. +4 −2 Slash.pm
View
3  CHANGES
@@ -95,6 +95,9 @@ slash-1.0.5, 2000.06.xx
to encode every character that is not safe or reserved,
according to RFC1738)
+* Changed formkey to be by uid for logged in users, IP address
+ for everyone else
+
* Plenty of minor code cleanups
View
6 Slash.pm
@@ -2658,11 +2658,13 @@ sub getFormkeyId {
# if user logs in during submission of form, after getting
# formkey as AC, check formkey with user as AC
if ($I{query}->param('rlogin') && length($I{F}{upasswd}) > 1) {
- $id = crypt($ENV{REMOTE_ADDR}, reverse $ENV{REMOTE_ADDR});
+ # id includes '&' to prevent uid's and IPs
+ # from potentially being the same
+ $id = '-1&' . $ENV{REMOTE_ADDR};
} elsif ($uid > 0) {
$id = $uid;
} else {
- $id = crypt($ENV{REMOTE_ADDR}, reverse $ENV{REMOTE_ADDR});
+ $id = '-1&' . $ENV{REMOTE_ADDR};
}
return($id);
}
Please sign in to comment.
Something went wrong with that request. Please try again.