more conservative names again
kraih committed Dec 19, 2013
1 parent 57e5129 commit 444d302
Showing 1 changed file with 15 additions and 15 deletions.
30 changes: 15 additions & 15 deletions lib/Mojolicious/Controller.pm
@@ -195,8 +195,8 @@ sub render_exception {
};
my $inline = $renderer->_bundled(
$mode eq 'development' ? 'exception.development' : 'exception');
return $self if $self->__fallbacks($options, 'exception', $inline);
$self->__fallbacks({%$options, format => 'html'}, 'exception', $inline);
return $self if $self->_fallbacks($options, 'exception', $inline);
$self->_fallbacks({%$options, format => 'html'}, 'exception', $inline);
return $self;
}

@@ -216,8 +216,8 @@ sub render_not_found {
= {template => "not_found.$mode", format => $format, status => 404};
my $inline = $renderer->_bundled(
$mode eq 'development' ? 'not_found.development' : 'not_found');
return $self if $self->__fallbacks($options, 'not_found', $inline);
$self->__fallbacks({%$options, format => 'html'}, 'not_found', $inline);
return $self if $self->_fallbacks($options, 'not_found', $inline);
$self->_fallbacks({%$options, format => 'html'}, 'not_found', $inline);
return $self;
}

@@ -333,9 +333,17 @@ sub signed_cookie {
my @results;
for my $value ($self->cookie($name)) {

# Check signature
# Check signature with rotating secrets
if ($value =~ s/--([^\-]+)$//) {
if (__signature($value, $1, @$secrets)) { push @results, $value }
my $signature = $1;

my $valid;
for my $secret (@$secrets) {
my $check = Mojo::Util::hmac_sha1_sum($value, $secret);
++$valid and last if Mojo::Util::secure_compare($signature, $check);
}
if ($valid) { push @results, $value }

else {
$self->app->log->debug(
qq{Bad signed cookie "$name", possible hacking attempt.});
@@ -439,7 +447,7 @@ sub write_chunk {
return $self->rendered;
}

sub __fallbacks {
sub _fallbacks {
my ($self, $options, $template, $inline) = @_;

# Mode specific template
@@ -455,14 +463,6 @@ sub __fallbacks {
return $self->render_maybe(%$options, inline => $inline, handler => 'ep');
}

sub __signature {
my ($value, $signature) = (shift, shift);
Mojo::Util::secure_compare($signature, Mojo::Util::hmac_sha1_sum($value, $_))
and return 1
for @_;
return undef;
}

1;

=encoding utf8
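Review bot: In the `signed_cookie` hunk, the statement `++$valid and last if Mojo::Util::secure_compare($signature, $check);` folds the flag update, the loop exit and the condition into one line, which is hard to audit in the code that decides whether a cookie value is trusted. I would write it as `if (Mojo::Util::secure_compare($signature, $check)) { $valid = 1; last }`, which keeps the `secure_compare` call and still leaves `$valid` undefined (cookie rejected) when `@$secrets` is empty or nothing matches. With the `__signature` helper removed, a comment such as `# Any secret in @$secrets verifies; remove a retired secret from the list to stop accepting cookies signed with it` would record the rotation behaviour at the one place it is now enforced. The body of `signed_cookie` starts and ends outside the hunk, so the handling of unsigned cookies cannot be checked from here.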