perl-CGI-FormMagick/perl-CGI-FormMagick-0.93-bz10902-csrf-timeout.patch

35 lines
2.3 KiB
Diff
Raw Normal View History

diff -Nur --no-dereference perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick/Events.pm perl-CGI-FormMagick-0.93/lib/CGI/FormMagick/Events.pm
--- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick/Events.pm 2021-03-06 01:02:20.026000000 -0500
+++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick/Events.pm 2021-03-06 15:12:29.451000000 -0500
@@ -83,8 +83,7 @@
$self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
return unless (($self->{cgi}->request_method || '') eq 'POST');
if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
- or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
- # only 3 min to validate form
+ or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'} < time ) ) {
$self->debug_msg("SRF protection blocked request");
warn "CSRF protection blocked request\n";
return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
@@ -146,8 +145,7 @@
$self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
return unless (($self->{cgi}->request_method || '') eq 'POST');
if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
- or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
- # only 3 min to validate form
+ or $self->{cgi}->param('csrf_timestamp') + $self->{'csrfdelay'} < time ) ) {
$self->debug_msg("SRF protection blocked request");
warn "CSRF protection blocked request\n";
return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
diff -Nur --no-dereference perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick.pm perl-CGI-FormMagick-0.93/lib/CGI/FormMagick.pm
--- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick.pm 2021-03-06 01:02:20.026000000 -0500
+++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick.pm 2021-03-06 15:10:37.562000000 -0500
@@ -183,6 +183,7 @@
$self->{cgi} = $args{cgi};
$self->{debug} = $args{debug} || 0;
$self->{csrf} = $args{csrf} || 0;
+ $self->{csrfdelay} = $args{csrfdelay} || 180;
if ($self->{cgi}) {
if ($args{sessiondir}) {