oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Security bug in session env

Browse source
This commit is contained in:
JT Smith 2006-07-11 20:32:46 +00:00
parent 63b22dc502
commit a440cb5f41
10 changed files with 30 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

6
lib/WebGUI/Session/ErrorHandler.pm
View file

@ -90,7 +90,7 @@ sub canShowDebug {
my $ips = $self->session->setting->get("debugIp");
$ips =~ s/\s+//g;
my @ips = split(",", $ips);
my $ok = WebGUI::Utility::isInSubnet($self->session->env->get("REMOTE_ADDR"), [ @ips] );
my $ok = WebGUI::Utility::isInSubnet($self->session->env->getIp, [ @ips] );
return $ok;
}
@ -105,7 +105,7 @@ Returns true if the user meets the conditions to see performance indicators and
sub canShowPerformanceIndicators {
my $self = shift;
my $mask = $self->session->setting->get("debugIp");
my $ip = $self->session->env->get("REMOTE_ADDR");
my $ip = $self->session->env->getIp;
return (
(
$self->session->setting->get("showPerformanceIndicators")
@ -331,7 +331,7 @@ sub security {
my $self = shift;
my $message = shift;
$self->warn($self->session->user->username." (".$self->session->user->userId.") connecting from "
.$self->session->env->get("REMOTE_ADDR")." attempted to ".$message);
.$self->session->env->getIp." attempted to ".$message);
}