diff options
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | data/global.pl | 2 | ||||
-rw-r--r-- | data/script.js | 3 | ||||
-rw-r--r-- | lib/VNDB/Handler/Tags.pm | 2 | ||||
-rw-r--r-- | lib/VNDB/Handler/VNBrowse.pm | 2 | ||||
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 8 | ||||
-rwxr-xr-x | util/jsgen.pl | 1 |
7 files changed, 11 insertions, 8 deletions
@@ -11,6 +11,7 @@ - Added Apple iProduct platform - Removed XML sitemap - Added image dimensions to screenshot thumbail <img> tags + - Prefix all cookies with a configurable cookie_prefix - Bugfix: only redirect VN search to VN page if page=1 - Bugfix: remove duplicate votes when merging tags (fixes a 500) - Bugfix: Multi::Anime: don't crash when anidb returns an invalid or empty year diff --git a/data/global.pl b/data/global.pl index 45c8f6b5..4046ce10 100644 --- a/data/global.pl +++ b/data/global.pl @@ -19,7 +19,7 @@ our %S = (%S, url_static => 'http://s.vndb.org', skin_default => 'angel', cookie_domain => '.vndb.org', - cookie_auth => 'vndb_auth', + cookie_prefix => 'vndb_', global_salt => 'any-private-string-here', source_url => 'http://git.blicky.net/vndb.git/?h=master', admin_email => 'contact@vndb.org', diff --git a/data/script.js b/data/script.js index 12569d25..3e2b479f 100644 --- a/data/script.js +++ b/data/script.js @@ -41,10 +41,11 @@ function ajax(url, func) { function setCookie(n,v) { var date = new Date(); date.setTime(date.getTime()+(365*24*60*60*1000)); - document.cookie = n+'='+v+'; expires='+date.toGMTString()+'; path=/'; + document.cookie = cookie_prefix+n+'='+v+'; expires='+date.toGMTString()+'; path=/'; } function getCookie(n) { var l = document.cookie.split(';'); + n = cookie_prefix+n; for(var i=0; i<l.length; i++) { var c = l[i]; while(c.charAt(0) == ' ') diff --git a/lib/VNDB/Handler/Tags.pm b/lib/VNDB/Handler/Tags.pm index 40183ea4..a8558575 100644 --- a/lib/VNDB/Handler/Tags.pm +++ b/lib/VNDB/Handler/Tags.pm @@ -35,7 +35,7 @@ sub tagpage { { name => 'm', required => 0, default => -1, enum => [qw|0 1 2|] }, ); return 404 if $f->{_err}; - my $tagspoil = $self->reqCookie('tagspoil'); + my $tagspoil = $self->reqCookie($self->{cookie_prefix}.'tagspoil'); $f->{m} = $tagspoil =~ /^[0-2]$/ ? $tagspoil : 0 if $f->{m} == -1; my($list, $np) = $t->{meta} || $t->{state} != 2 ? ([],0) : $self->dbVNGet( diff --git a/lib/VNDB/Handler/VNBrowse.pm b/lib/VNDB/Handler/VNBrowse.pm index f4f98194..f3193b57 100644 --- a/lib/VNDB/Handler/VNBrowse.pm +++ b/lib/VNDB/Handler/VNBrowse.pm @@ -25,7 +25,7 @@ sub list { { name => 'pl', required => 0, multi => 1, enum => $self->{platforms}, default => '' }, { name => 'ti', required => 0, default => '', maxlength => 200 }, { name => 'te', required => 0, default => '', maxlength => 200 }, - { name => 'sp', required => 0, default => $self->reqCookie('tagspoil') =~ /^([0-2])$/ ? $1 : 0, enum => [0..2] }, + { name => 'sp', required => 0, default => $self->reqCookie($self->{cookie_prefix}.'tagspoil') =~ /^([0-2])$/ ? $1 : 0, enum => [0..2] }, ); return 404 if $f->{_err}; $f->{q} ||= $f->{sq}; diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm index 9dd1d738..45b39249 100644 --- a/lib/VNDB/Util/Auth.pm +++ b/lib/VNDB/Util/Auth.pm @@ -20,7 +20,7 @@ sub authInit { my $self = shift; $self->{_auth} = undef; - my $cookie = $self->reqCookie($self->{cookie_auth}); + my $cookie = $self->reqCookie($self->{cookie_prefix}.'auth'); return 0 if !$cookie; return _rmcookie($self) if length($cookie) < 41; my $token = substr($cookie, 0, 40); @@ -47,7 +47,7 @@ sub authLogin { my $expstr = strftime("%a, %d %b %Y %H:%M:%S GMT", gmtime(time + 31536000)); # keep the cookie for 1 year $self->resRedirect($to, 'post'); - $self->resHeader('Set-Cookie', "$self->{cookie_auth}=$cookie; expires=$expstr; path=/; domain=$self->{cookie_domain}"); + $self->resHeader('Set-Cookie', "$self->{cookie_prefix}auth=$cookie; expires=$expstr; path=/; domain=$self->{cookie_domain}"); return 1; } @@ -59,7 +59,7 @@ sub authLogin { sub authLogout { my $self = shift; - my $cookie = $self->reqCookie($self->{cookie_auth}); + my $cookie = $self->reqCookie($self->{cookie_prefix}.'auth'); if ($cookie && length($cookie) >= 41) { my $token = substr($cookie, 0, 40); my $uid = substr($cookie, 40); @@ -138,7 +138,7 @@ sub authPreparePass{ # removes the vndb_auth cookie sub _rmcookie { $_[0]->resHeader('Set-Cookie', - "$_[0]->{cookie_auth}= ; expires=Sat, 01-Jan-2000 00:00:00 GMT; path=/; domain=$_[0]->{cookie_domain}"); + "$_[0]->{cookie_prefix}auth= ; expires=Sat, 01-Jan-2000 00:00:00 GMT; path=/; domain=$_[0]->{cookie_domain}"); } diff --git a/util/jsgen.pl b/util/jsgen.pl index 1ad8fb53..2235d289 100755 --- a/util/jsgen.pl +++ b/util/jsgen.pl @@ -85,6 +85,7 @@ sub jsgen { my $js = encode_utf8(l10n()) . "\n"; $js .= sprintf "rlst_rstat = [ %s ];\n", join ', ', map qq{"$_"}, @{$S{rlst_rstat}}; $js .= sprintf "rlst_vstat = [ %s ];\n", join ', ', map qq{"$_"}, @{$S{rlst_vstat}}; + $js .= sprintf "cookie_prefix = '%s';\n", $S{cookie_prefix}; open my $JS, '<', "$ROOT/data/script.js" or die $!; $js .= join '', <$JS>; close $JS; |