Do not send void HTTP headers to apps (#573)

François-Xavier Deltombe 2013-01-04 17:54:32 +00:00
parent a8382125c7
commit ed08dc0cb0
2 changed files with 12 additions and 8 deletions


@ -144,16 +144,16 @@ sub run ($$) {
$class->updateStatus( $datas->{$whatToTrace}, $apacheRequest->uri, 'OK' );
$class->logGranted( $uri, $datas );
# ACCOUNTING
# 2 - Inform remote application
$class->sendHeaders;
# SECURITY
# Hide Lemonldap::NG cookie
$class->hideCookie;
# Hide user password
$class->lmSetHeaderIn( $apacheRequest, Authorization => '' );
$class->lmUnsetHeaderIn( $apacheRequest, "Authorization");
# ACCOUNTING
# 2 - Inform remote application
$class->sendHeaders;
OK;
}
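Review bot: The order of the last statements in `run` is now security-relevant, but nothing in the code says so. As far as this page shows, the client's Cookie and Authorization headers are scrubbed first and `sendHeaders` runs last, presumably so that a header the portal exports (including a rebuilt `Authorization`) is not wiped by the scrub. A comment above the moved `# ACCOUNTING` block, such as `# Must stay after the SECURITY block: client-supplied headers are removed first, then ours are set`, would keep a later cleanup from moving the call back. The new call is also formatted differently from its neighbours; `$class->lmUnsetHeaderIn( $apacheRequest, 'Authorization' );` matches the file's style. `run` begins outside this hunk.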


@ -32,7 +32,7 @@ use constant MAINTENANCE_CODE => 503;
#inherits Apache::Session
#link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage
our $VERSION = '1.2.2';
our $VERSION = '1.2.3';
our %EXPORT_TAGS;
@ -826,8 +826,12 @@ sub hideCookie {
my $class = shift;
$class->lmLog( "removing cookie", 'debug' );
my $tmp = lmHeaderIn( $apacheRequest, 'Cookie' );
$tmp =~ s/$cookieName(?:http)?[^,;]*[,;]?//og;
$class->lmSetHeaderIn( $apacheRequest, 'Cookie' => $tmp );
$tmp =~ s/$cookieName(http)?=[^,;]*[,;\s]*//og;
if ($tmp) {
$class->lmSetHeaderIn( $apacheRequest, 'Cookie' => $tmp );
} else {
$class->lmUnsetHeaderIn( $apacheRequest, 'Cookie' );
}
}
## @rmethod protected string encodeUrl(string url)
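Review bot: The new substitution in `hideCookie` is still not anchored to a cookie boundary, so a cookie whose name merely ends with `$cookieName` is cut in half and its leftover prefix is forwarded to the application. `$cookieName` is also interpolated unescaped, so a regex metacharacter in the configured name changes the pattern. Anchoring on a separator and quoting the name covers both, and the capture group is not needed: `$tmp =~ s/(?<![^,;\s])\Q$cookieName\E(?:http)?=[^,;]*[,;\s]*//g;`. The `/o` flag freezes the first value of `$cookieName` for the life of the process; if the name can change on a configuration reload (not visible here), the session cookie would stop being stripped until restart, so dropping `/o` is the safer choice. When the request carries no Cookie header, `$tmp` is presumably undef at the `=~`, so a `return unless defined $tmp;` before the substitution would avoid the warning.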