[freeside-commits] branch master updated. 0682747829a56d487155e28675c133cb90f991de

Mitch Jackson mitch at freeside.biz
Wed Sep 12 21:46:04 PDT 2018 

The branch, master has been updated
       via  0682747829a56d487155e28675c133cb90f991de (commit)
      from  5f3b423601b5ddd7605e1eaf4bd838c0fd6f5fcf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0682747829a56d487155e28675c133cb90f991de
Author: Mitch Jackson <mitch at freeside.biz>
Date:   Thu Sep 13 00:44:54 2018 -0400

    RT# 80624 Browser check repeats if session changes

diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html
index e7666aec4..a88962be9 100644
--- a/httemplate/misc/edge_browser_check-header.html
+++ b/httemplate/misc/edge_browser_check-header.html
@@ -18,7 +18,10 @@
   </script>
 % }
 <%init>
-my $curuser = $FS::CurrentUser::CurrentUser;
+my $curuser    = $FS::CurrentUser::CurrentUser;
+my $session    = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
+
 my $cgi = FS::UID::cgi();
 my $DEBUG = 0;
 
@@ -26,7 +29,8 @@ my $do_check = 0;
 $do_check = 1
   if $curuser
   && !$cgi->param('edge_browser_check')
-  && $curuser->get_pref('edge_bug_vulnerable') ne 'N';
+  && $sessionkey
+  && $curuser->get_pref('edge_bug_vulnerable') ne $sessionkey;
 
 my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0;
-</%init>
\ No newline at end of file
+</%init>
diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html
index e804fc676..61ae9a0bd 100644
--- a/httemplate/misc/edge_browser_check-iframe.html
+++ b/httemplate/misc/edge_browser_check-iframe.html
@@ -19,16 +19,15 @@
 <%init>
 my $cgi = FS::UID::cgi();
 my $curuser = $FS::CurrentUser::CurrentUser;
+my $session = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
 
 if ( $curuser ) {
   my $canary = $cgi->param('edge_browser_canary');
   $curuser->set_pref(
     'edge_bug_vulnerable',
 
-    $canary eq 'test' ? 'Y' : 'Y',
-
-    # Don't test this user's session for the next 10m
-    time() + 600,
+    $canary eq 'test' ? $sessionkey : 'Y',
   );
 }
 

-----------------------------------------------------------------------

Summary of changes:
 httemplate/misc/edge_browser_check-header.html | 10 +++++++---
 httemplate/misc/edge_browser_check-iframe.html |  7 +++----
 2 files changed, 10 insertions(+), 7 deletions(-)

More information about the freeside-commits mailing list