This can mean that the form parameter refers to a cookie now deleted
from the db: ie one relating to a previous user session.
This is not a bug or (necessarily) an attack; it might simply mean
that the submission comes from a page generated in a previous login
session.
So handle this case the same way as $parmt=='n' (ie, expired hidden
parameter value). (Double-checked by searching the function beyond
that point for references to parmt.)
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
# any - POST nrmuoi bug or attack, fail
# any - GET rmuoi bug or attack, fail
# any any GET muoi bug or attack, fail
# any - POST nrmuoi bug or attack, fail
# any - GET rmuoi bug or attack, fail
# any any GET muoi bug or attack, fail
- # any t any nrmu bug or attack, fail
#
# - - GET O "just logged out" page
# (any other) O bug or attack, fail
#
# - - GET O "just logged out" page
# (any other) O bug or attack, fail
# revoke y2
# treat as y1 n POST
#
# revoke y2
# treat as y1 n POST
#
- # y n GET n intra-site link from stale page,
+ # y nt GET n intra-site link from stale page,
# treat as cross-site link, show data
#
# treat as cross-site link, show data
#
- # y n POST n m intra-site form submission from stale page
+ # y nt POST n m intra-site form submission from stale page
# show "session interrupted"
# with link to main data page
#
# show "session interrupted"
# with link to main data page
#
- # y n GET r intra-site request from stale page
+ # y nt GET r intra-site request from stale page
- # y n POST r u intra-site request from stale page
+ # y nt POST r u intra-site request from stale page
# fail
#
# -/n y2 GET nr intra-site link from cleared session
# fail
#
# -/n y2 GET nr intra-site link from cleared session
# revoke y2
# treat as -/n n POST
#
# revoke y2
# treat as -/n n POST
#
- # -/n -/n GET n cross-site link but user not logged in
+ # -nt -nt GET n cross-site link but user not logged in
# show login form with redirect to orig params
# generate fresh cookie
#
# show login form with redirect to orig params
# generate fresh cookie
#
- # -/n n GET rmu user not logged in
+ # -nt nt GET rmu user not logged in
- # -/n n POST n m user not logged in
+ # -nt nt POST n m user not logged in
- # -/n n POST r u user not logged in
+ # -nt nt POST r u user not logged in
# fail
sub _check_divert_core ($) {
# fail
sub _check_divert_core ($) {
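Review bot: the "treat as" cross-references in the unchanged rows no longer match the relabelled rows in this comment table. "treat as y1 n POST" and "treat as -/n n POST" point at rows that are now written "y nt POST" and "-nt nt POST", and the two "-/n y2 GET nr" rows keep the old "-/n" cookie notation while the changed rows use "-nt". Either update those unchanged rows and cross-references to the new notation in the same commit, or keep "-/n" in the cookie column throughout and change only the parameter column, so a reader can still follow each "treat as" line to exactly one row.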
if ($cookt eq 't') {
$cookt = '';
}
if ($cookt eq 't') {
$cookt = '';
}
if ($cookt eq 'y' && $parmt eq 'y' && $cookh ne $parmh) {
$r->_db_revoke($parmh) if $meth eq 'POST';
if ($cookt eq 'y' && $parmt eq 'y' && $cookh ne $parmh) {
$r->_db_revoke($parmh) if $meth eq 'POST';
if ($cookt ne 'y') {
die unless !$cookt || $cookt eq 'n';
if ($cookt ne 'y') {
die unless !$cookt || $cookt eq 'n';
- die unless !$parmt || $parmt eq 'n' || $parmt eq 'y';
+ die unless !$parmt || $parmt eq 't' || $parmt eq 'n' || $parmt eq 'y';
my $news = $r->_fresh_secret();
if ($meth eq 'GET') {
return ({ Kind => 'LOGIN-INCOMINGLINK',
my $news = $r->_fresh_secret();
if ($meth eq 'GET') {
return ({ Kind => 'LOGIN-INCOMINGLINK',
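Review bot: the only code change is the relaxed assertion on the "+ die unless !$parmt || $parmt eq 't' || ..." line, which sits inside the "if ($cookt ne 'y')" branch, yet the table now also documents "y nt" rows and no change to the cookie-'y' path is visible in this diff. The commit message relies on a manual search showing that nothing later in the function tests $parmt, which will silently stop holding if someone later adds a comparison against 'n'. Consider normalising $parmt from 't' to 'n' once near the top, next to the existing "if ($cookt eq 't') { $cookt = ''; }" reset, so that both branches treat a stale parameter as expired by construction. A regression test that submits a hidden parameter from a previous login session via GET and via POST would pin the new behaviour down.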