author | Yorhel <git@yorhel.nl> | 2014-08-29 09:43:00 +0200 |
committer | Yorhel <git@yorhel.nl> | 2014-08-29 09:45:15 +0200 |
commit | c27d4e6b509a655d81e36469bb881afc287596e8 (patch) | |
tree | c7a42b5226edaab2e3356592130a6db7caa13a9e /lib/VNDB/Util/Misc.pm | |
parent | 9475bf8ccf1b422402ab70b6cb2276dc3c61e5c6 (diff) |
Strengthen formcode for non-logged-in visitors + CSRF protect login form
formcode is strengthened by including the IP (-prefix) into the hash,
ensuring that the code can't be obtained by someone on a different
network.
I also removed the login form of every page. Felt kinda pointless.
Diffstat (limited to 'lib/VNDB/Util/Misc.pm')
-rw-r--r-- | lib/VNDB/Util/Misc.pm | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/lib/VNDB/Util/Misc.pm b/lib/VNDB/Util/Misc.pm
index 04114483..7ee0701b 100644
--- a/lib/VNDB/Util/Misc.pm
+++ b/lib/VNDB/Util/Misc.pm
@@ -6,8 +6,9 @@ use warnings;
 use Exporter 'import';
 use TUWF ':html';
 use VNDB::Func;
+use Socket 'inet_pton', 'inet_ntop', 'AF_INET6';
-our @EXPORT = qw|filFetchDB ieCheck|;
+our @EXPORT = qw|filFetchDB ieCheck normIP|;
 my %filfields = (
@@ -143,5 +144,24 @@ sub ieCheck {
 }
+# Normalized IP address to use for duplicate detection/throttling. For IPv4
+# this is just the normal address, but for IPv6 this is the /48 subnet, with
+# the rest of the address zero'd.
+sub normIP {
+ my $s = shift;
+ my $ip = $s->reqIP();
+ return $ip if $ip !~ /:/;
+ # There's a whole bunch of IPv6 manipulation modules on CPAN, but many seem
+ # quite bloated and still don't offer the functionality to return an IP
+ # with its mask applied (admittedly not a common operation). The libc
+ # socket functions will do fine in parsing and formatting IPv6 addresses,
+ # and the actual masking is quite trivial in binary form.
+ $ip = inet_pton AF_INET6, $ip;
+ return '::' if !$ip;
+ $ip =~ s/^(.{6}).+$/$1 . "\0"x10/e;
+ return inet_ntop AF_INET6, $ip;
+}
 1;
|
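Review bot: The masking line `$ip =~ s/^(.{6}).+$/$1 . "\0"x10/e;` in normIP operates on the 16 raw bytes from inet_pton, but `.` does not match a 0x0a byte without `/s` and `$` matches before a trailing 0x0a, so an address containing that byte in its first six bytes is returned unmasked, and one whose last byte is 0x0a (e.g. an address ending in `::a`) becomes 17 bytes long and makes `inet_ntop` croak on the next line; `$ip = substr($ip, 0, 6) . "\0" x 10;` does the intended truncation without regex semantics getting in the way. Separately, IPv4-mapped addresses such as `::ffff:203.0.113.5` contain a colon and so take the IPv6 path, where their first six bytes are all zero, so every such client normalizes to `::` — the same value returned on parse failure — and shares one bucket for throttling and, if the formcode hash described in the commit message uses this prefix, one CSRF-token input as well. Consider unwrapping the embedded IPv4 address for that case (`inet_ntop AF_INET, substr($ip, 12)`, which needs `AF_INET` added to the Socket import) and returning something distinguishable from `::` when inet_pton fails.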