[interchange-cvs] interchange - heins modified 2 files

interchange-cvs at icdevgroup.org interchange-cvs at icdevgroup.org
Tue Feb 24 15:53:58 EST 2004 

User:      heins
Date:      2004-02-24 20:53:58 GMT
Modified:  lib/Vend Session.pm Dispatch.pm
Log:
* Last security fix for login scrub was in wrong place -- should be
  in the init_session() routine.

* Back out change to Dispatch.pm and properly do it in Session.pm.

* Security fix, merge to stable.

Revision  Changes    Path
2.16      +7 -2      interchange/lib/Vend/Session.pm


rev 2.16, prev_rev 2.15
Index: Session.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Session.pm,v
retrieving revision 2.15
retrieving revision 2.16
diff -u -r2.15 -r2.16
--- Session.pm	3 Dec 2003 16:10:21 -0000	2.15
+++ Session.pm	24 Feb 2004 20:53:58 -0000	2.16
@@ -1,6 +1,6 @@
 # Vend::Session - Interchange session routines
 #
-# $Id: Session.pm,v 2.15 2003/12/03 16:10:21 mheins Exp $
+# $Id: Session.pm,v 2.16 2004/02/24 20:53:58 mheins Exp $
 # 
 # Copyright (C) 2002-2003 Interchange Development Group
 # Copyright (C) 1996-2002 Red Hat, Inc.
@@ -27,7 +27,7 @@
 require Exporter;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 2.15 $, 10);
+$VERSION = substr(q$Revision: 2.16 $, 10);
 
 @ISA = qw(Exporter);
 
@@ -460,6 +460,11 @@
 
 
 sub init_session {
+	undef $Vend::username;
+	undef $Vend::admin;
+	undef $Vend::groups;
+	undef $Vend::superuser;
+	undef $Vend::login_table;
     $Vend::Session = {
 		'ohost'		=> $CGI::remote_addr,
 		'arg'		=> $Vend::Argument,



1.33      +2 -7      interchange/lib/Vend/Dispatch.pm


rev 1.33, prev_rev 1.32
Index: Dispatch.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Dispatch.pm,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- Dispatch.pm	24 Feb 2004 19:17:46 -0000	1.32
+++ Dispatch.pm	24 Feb 2004 20:53:58 -0000	1.33
@@ -1,6 +1,6 @@
 # Vend::Dispatch - Handle Interchange page requests
 #
-# $Id: Dispatch.pm,v 1.32 2004/02/24 19:17:46 mheins Exp $
+# $Id: Dispatch.pm,v 1.33 2004/02/24 20:53:58 mheins Exp $
 #
 # Copyright (C) 2002-2003 Interchange Development Group
 # Copyright (C) 2002 Mike Heins <mike at perusion.net>
@@ -26,7 +26,7 @@
 package Vend::Dispatch;
 
 use vars qw($VERSION);
-$VERSION = substr(q$Revision: 1.32 $, 10);
+$VERSION = substr(q$Revision: 1.33 $, 10);
 
 use POSIX qw(strftime);
 use Vend::Util;
@@ -564,11 +564,6 @@
 	cancel	=> sub {
 					put_session();
 					get_session();
-					undef $Vend::username;
-					undef $Vend::admin;
-					undef $Vend::groups;
-					undef $Vend::superuser;
-					undef $Vend::login_table;
 					init_session();
 					$CGI::values{mv_nextpage} = find_special_page('canceled')
 						if ! $CGI::values{mv_nextpage};

More information about the interchange-cvs mailing list