From e224b3902cd0d5d67dff020dd87cb8db633e7c2d Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Wed, 9 Jan 2013 22:31:04 +0000 Subject: [PATCH] wip fixes --- TODO | 10 ++++++++++ cgi-auth-hybrid.pm | 33 +++++++++++++++++++-------------- 2 files changed, 29 insertions(+), 14 deletions(-) create mode 100644 TODO diff --git a/TODO b/TODO new file mode 100644 index 0000000..9f0b1fd --- /dev/null +++ b/TODO @@ -0,0 +1,10 @@ +REQUEST_METHOD=post CAHTEST_HOME=`pwd` ./test.cgi ; echo + + +make parameter values hash of cookie values + + + +cookie header not generated + +missing hidden parameter diff --git a/cgi-auth-hybrid.pm b/cgi-auth-hybrid.pm index 7866bdc..6453779 100644 --- a/cgi-auth-hybrid.pm +++ b/cgi-auth-hybrid.pm @@ -92,11 +92,9 @@ sub login_ok_password ($$) { sub do_redirect_cgi ($$$$) { my ($c, $r, $new_url, $cookie) = @_; - my @ha = ('text/html', - -status => '303 See other', - -location => $new_url); - push @ha, (-cookie => $cookie) if defined $cookie; - $r->_print($c->header(@ha), + $r->_print($c->header($r->_cgi_header_args($cookie, + -status => '303 See other', + -location => $new_url)), $r->_ch('gen_start_html',$r->_gt('Redirection')), '', $r->_gt("If you aren't redirected, click to continue."), @@ -113,8 +111,8 @@ sub gen_plain_login_form ($$) { my $sz = 'size="'.$r->{S}{form_entry_size}.'"'; foreach my $up (@{ $r->{S}{username_param_names}}) { push @form, ('',$r->_gt(ucfirst $up),'', - ''); + ''); } push @form, (''.$r->_gt('Password'),'', '{Cgi}; - my $cookt = $c->cookie(-name => $r->{S}{cookie_name}, + my $cookie = $c->cookie(-name => $r->{S}{cookie_name}, -value => $cookv, -path => $r->{S}{cookie_path}, -domain => $r->_ch('get_cookie_domain'), -expires => '+'.$r->{S}{login_timeout}.'s', -secure => $r->{S}{encrypted_only}); -print STDERR "CC $r $c $cookv $cookt\n"; - return $cookt; +print STDERR "CC $r $c $cookv $cookie\n"; + return $cookie; } # pages/param-sets are 
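Review bot: The debug line `print STDERR "CC $r $c $cookv $cookie\n";` kept in construct_cookie writes the raw cookie value and the rendered cookie to STDERR, which under CGI normally ends up in the web server's error log, so anyone who can read that log could presumably replay a login cookie. The same applies to `print STDERR "_cgi_header_args ",join('|',@ha),".\n";` added in the `@@ -629` hunk, whose `@ha` carries the cookie, and to the existing `print STDERR "_random out $out\n";` visible as context in the `@@ -693` hunk. I would delete these three lines before this leaves wip, or at least print only a fixed marker rather than the values. Separately, the `cookie()` call passes `-secure` but not `-httponly => 1`, which would keep page scripts from reading the cookie. The opening lines of construct_cookie are not visible on this page.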
@@ -424,8 +422,6 @@ print STDERR "CC $r $c $cookv $cookt\n";
 # -/n n POST r u user not logged in
 # fail
-#fixme make parameter values hash of cookie values
-
 sub _check_divert_core ($) {
 my ($r) = @_;
@@ -629,6 +625,14 @@ sub url_with_query_params ($$) {
 return $uri->as_string();
 }
+sub _cgi_header_args ($$@) {
+ my ($r, $cookie, @ha) = @_;
+ unshift @ha, qw(-type text/html);
+ push @ha, (-cookie => $cookie) if defined $cookie;
+ print STDERR "_cgi_header_args ",join('|',@ha),".\n";
+ return @ha;
+}
+
 sub check_ok ($) {
 my ($r) = @_;
@@ -641,6 +645,7 @@ sub check_ok ($) {
 my $kind = $divert->{Kind};
 my $cookieval = $divert->{CookieVal};
 my $params = $divert->{Params};
+ my $cookie = $r->construct_cookie($cookieval);
 if ($kind =~ m/^REDIRECT-/) {
 # for redirects, we honour stored NextParams and SetCookie,
@@ -654,7 +659,6 @@ sub check_ok ($) {
 die;
 }
 my $new_url = $r->url_with_query_params($params);
- my $cookie = $r->construct_cookie($r, $cookieval);
 $r->_ch('do_redirect',$new_url, $cookie);
 return 0;
 }
@@ -672,7 +676,7 @@ sub check_ok ($) {
 die $kind;
 }
- $r->_print($r->{Cgi}->header('text/html'),
+ $r->_print($r->{Cgi}->header($r->_cgi_header_args($cookie)),
 $r->_ch('gen_start_html',$title),
 @body,
 $r->_ch('gen_end_html'));
@@ -693,6 +697,7 @@ sub _random ($$) {
 close $rsf;
 my $out = unpack "H*", $bin;
 print STDERR "_random out $out\n";
+ return $out;
 }
 sub _fresh_cookie ($) {
--
2.30.2
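Review bot: `my $cookie = $r->construct_cookie($cookieval);` in the `@@ -641` hunk now runs for every divert kind, and the `@@ -672` hunk sends the result on ordinary pages via `_cgi_header_args($cookie)`, so the code relies on construct_cookie returning undef when `$divert->{CookieVal}` is undefined. The visible part of construct_cookie shows no such guard (its opening lines are missing from this page). Without one, the `if defined $cookie` test in `_cgi_header_args` may always pass, and a response could carry a Set-Cookie built from an undefined value, possibly replacing a valid login cookie. If the guard is absent, I would make the call conditional: `my $cookie = defined $cookieval ? $r->construct_cookie($cookieval) : undef;`. check_ok begins and ends outside these hunks.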