- Update patch for more strict untainting.
Reported by: Geraint Edwards <gedge@yadn.org> Obtained from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409731
parent
e2f360f7fb
commit
3eea4ba0fb
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=248184
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
PORTNAME= Authen-Captcha
|
PORTNAME= Authen-Captcha
|
||||||
PORTVERSION= 1.023
|
PORTVERSION= 1.023
|
||||||
PORTREVISION= 4
|
PORTREVISION= 5
|
||||||
CATEGORIES= security perl5
|
CATEGORIES= security perl5
|
||||||
MASTER_SITES= CPAN
|
MASTER_SITES= CPAN
|
||||||
PKGNAMEPREFIX= p5-
|
PKGNAMEPREFIX= p5-
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
--- Captcha.pm.orig Mon May 10 10:58:05 2004
|
--- Captcha.pm.orig 2003-12-18 13:44:34.000000000 +0900
|
||||||
+++ Captcha.pm Mon May 10 11:06:24 2004
|
+++ Captcha.pm 2010-01-19 18:52:23.656183439 +0900
|
||||||
@@ -65,6 +65,7 @@ sub new
|
@@ -65,6 +65,7 @@
|
||||||
my $keep_failures = (defined($opts{keep_failures}) && $opts{keep_failures})
|
my $keep_failures = (defined($opts{keep_failures}) && $opts{keep_failures})
|
||||||
? 1 : 0;
|
? 1 : 0;
|
||||||
$self->keep_failures($keep_failures);
|
$self->keep_failures($keep_failures);
|
||||||
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
# create a random seed if perl version less than 5.004
|
# create a random seed if perl version less than 5.004
|
||||||
if ($] < 5.005)
|
if ($] < 5.005)
|
||||||
@@ -193,6 +194,18 @@ sub data_folder
|
@@ -193,6 +194,18 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
sub check_code
|
sub check_code
|
||||||
{
|
{
|
||||||
@@ -214,7 +227,7 @@ sub check_code
|
@@ -214,7 +227,7 @@
|
||||||
# they could be confused with (o) and (l), so we swap them in
|
# they could be confused with (o) and (l), so we swap them in
|
||||||
$code =~ tr/01/ol/;
|
$code =~ tr/01/ol/;
|
||||||
|
|
||||||
@ -36,7 +36,25 @@
|
|||||||
|
|
||||||
# pull in current database
|
# pull in current database
|
||||||
warn "Open File: $database_file\n" if($self->debug() >= 2);
|
warn "Open File: $database_file\n" if($self->debug() >= 2);
|
||||||
@@ -490,7 +503,7 @@ sub generate_code
|
@@ -232,7 +245,7 @@
|
||||||
|
foreach my $line (@data)
|
||||||
|
{
|
||||||
|
$line =~ s/\n//;
|
||||||
|
- my ($data_time,$data_code) = split(/::/,$line);
|
||||||
|
+ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/;
|
||||||
|
|
||||||
|
my $png_file = File::Spec->catfile($self->output_folder(),$data_code . ".png");
|
||||||
|
if ($data_code eq $crypt)
|
||||||
|
@@ -351,7 +364,7 @@
|
||||||
|
foreach my $line (@data)
|
||||||
|
{
|
||||||
|
$line =~ s/\n//;
|
||||||
|
- my ($data_time,$data_code) = split(/::/,$line);
|
||||||
|
+ my ($data_time,$data_code) = $line =~ m/(^\d+)::([[:xdigit:]]{32})$/;
|
||||||
|
if ( (($current_time - $data_time) > ($self->expire())) ||
|
||||||
|
($data_code eq $md5) )
|
||||||
|
{ # remove expired captcha, or a dup
|
||||||
|
@@ -490,7 +503,7 @@
|
||||||
my $length = shift;
|
my $length = shift;
|
||||||
|
|
||||||
my $code = $self->generate_random_string($length);
|
my $code = $self->generate_random_string($length);
|
||||||
@ -45,7 +63,7 @@
|
|||||||
|
|
||||||
my ($captcha_data_ref,$output_filename);
|
my ($captcha_data_ref,$output_filename);
|
||||||
if ($self->type() eq 'image')
|
if ($self->type() eq 'image')
|
||||||
@@ -625,6 +638,7 @@ See the method descriptions for more det
|
@@ -625,6 +638,7 @@
|
||||||
height => 35, # optional. default 35
|
height => 35, # optional. default 35
|
||||||
images_folder => '/some/folder', # optional. default to lib dir
|
images_folder => '/some/folder', # optional. default to lib dir
|
||||||
keep_failures => 0, # optional, defaults to 0(false)
|
keep_failures => 0, # optional, defaults to 0(false)
|
||||||
@ -53,11 +71,10 @@
|
|||||||
debug => 0, # optional. default 0
|
debug => 0, # optional. default 0
|
||||||
|
|
||||||
=back
|
=back
|
||||||
@@ -694,6 +708,14 @@ Optional. Number of pixels wide for the
|
@@ -695,6 +709,14 @@
|
||||||
=item C<$captcha-E<gt>keep_failures( [0|1] );>
|
|
||||||
|
|
||||||
Optional. Defaults to zero. This option controls whether or not the captcha will remain valid after a failed attempt. By default, we only allow one attempt to solve it. This greatly reduces the possibility that a bot could brute force a correct answer. Change it at your own risk.
|
Optional. Defaults to zero. This option controls whether or not the captcha will remain valid after a failed attempt. By default, we only allow one attempt to solve it. This greatly reduces the possibility that a bot could brute force a correct answer. Change it at your own risk.
|
||||||
+
|
|
||||||
+=item C<$captcha-E<gt>secret( "SuperSecret" );>
|
+=item C<$captcha-E<gt>secret( "SuperSecret" );>
|
||||||
+
|
+
|
||||||
+Optional. Defaults to an empty string. This option is meant to prevent
|
+Optional. Defaults to an empty string. This option is meant to prevent
|
||||||
@ -65,6 +82,7 @@
|
|||||||
+valid codes and comparing them with the image file name. Obviously, the
|
+valid codes and comparing them with the image file name. Obviously, the
|
||||||
+secret should be the same for creating and checking the captcha. It is a
|
+secret should be the same for creating and checking the captcha. It is a
|
||||||
+good idea to set it to something else than the default.
|
+good idea to set it to something else than the default.
|
||||||
|
+
|
||||||
=item C<$captcha-E<gt>debug( [0|1|2] );>
|
=item C<$captcha-E<gt>debug( [0|1|2] );>
|
||||||
|
|
||||||
|
Optional.
|
||||||
|
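Review bot: A database line that fails the new pattern leaves `$data_time` and `$data_code` undefined, and both loops (the hunks at `@@ -232,7 +245,7 @@` and `@@ -351,7 +364,7 @@`) carry on into `$data_code . ".png"`, `$data_code eq $crypt` and `$current_time - $data_time` with those undefined values. Adding `next unless defined $data_code;` directly after the match would make the handling of malformed records explicit; in the second loop, decide deliberately whether such lines should be dropped from the database rather than relying on arithmetic with undef. The anchors could also be tightened to `m/\A(\d+)::([[:xdigit:]]{32})\z/`, because `$` still matches before a trailing newline and `s/\n//` removes only the first newline. Both loop bodies continue outside the hunks, so what is done with the `.png` path after the comparison is not visible here.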