From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Tue, 27 Oct 2015 16:47:28 +0000 (+0000)
Subject: blinding: Use . as separator rather than / (which ends up as %2e)
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=commitdiff_plain;h=453277e46f79217f90cfd996d92bec1f03403191

blinding: Use . as separator rather than / (which ends up as %2e)

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---

diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index b4985ca..a661618 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -1185,13 +1185,13 @@ sub _blind ($$) {
     my $mask = $r->_random(($l+1)>>1);
     $mask = substr $mask, 0, $l;
     my $blound = $r->_blind_combine($in, $mask);
-    return "$blound/$mask";
+    return "$blound.$mask";
 }
 
 sub _unblind ($$) {
     my ($r, $in) = @_;
     return $in unless $in;
-    my ($blound,$mask) = ($in =~ m#^(.*)/([0-9a-f]+)$#) or die "$in ?";
+    my ($blound,$mask) = ($in =~ m#^(.*)\.([0-9a-f]+)$#) or die "$in ?";
     my $l = $r->_blind_len($blound);
     $l == length($mask) or die "$in ?";
     return $r->_blind_combine($blound, $mask);