Apache-AuthCAS


Changes  view on Meta::CPAN

Revision history for mod_perl module Apache::AuthCAS

Release 0.5
===========
Sun Mar 23 15:23:09 PDT 2008
	- fixed a security vulnerability where a tainted cookie could be sent
	  by a malicious user and it would be used in an SQL query without
	  protection against SQL injection.  All database calls have been updated
	  to use bind parameters to prevent this possibility.
	- patch to allow for DBs other than PostgreSQL

Release 0.4
===========
1.7  Tue Oct 12 17:33:24 PDT 2004
	- fixed a bug which made AuthCAS only initialize once.  This meant that
	  only one configuration could be used on any host properly.  Fixed to
	  allow single-configuration setups for speed with STATIC_INITIALIZATION
	  flag.  This "enhancement" sneaked into 0.3 without being logged below =P

lib/Apache/AuthCAS.pm  view on Meta::CPAN


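	# Look up the stored session row for this session id.  $sid is set by the
	# enclosing sub before this point (not shown here).  Returns
	# ($sid, $last_accessed, $uid, $pgtiou) when a row is found and an empty
	# list on every other path, so a database failure is never treated as a
	# valid session.
	my $dbh = DBI->connect("dbi:$DB_DRIVER:dbname=$DB_NAME;host=$DB_HOST;port=$DB_PORT", $DB_USER, $DB_PASS, { AutoCommit => 1 });
	if (!defined($dbh)) {
		Apache->warn("$$: CAS: get_session_data(): db connect error: $DBI::errstr") unless ($LOG_LEVEL < $LOG_ERROR);
		return ();
	}

	# $sid is supplied as a bind value and never becomes part of the SQL text.
	# The table name is interpolated because identifiers cannot be bound;
	# NOTE(review): $DB_SESSION_TABLE must only come from trusted server
	# configuration -- confirm where it is set.
	my $sth = $dbh->prepare("SELECT last_accessed, uid, pgtiou FROM $DB_SESSION_TABLE WHERE id=?;");

	# RaiseError is not requested in the connect attributes above, so
	# prepare() and execute() signal failure by returning a false value.
	# Report that at error level instead of letting it look like an ordinary
	# "no such session" debug message (or dying on an undefined handle).
	if (!$sth || !$sth->execute($sid)) {
		Apache->warn("$$: CAS: get_session_data(): db query error: " . ($dbh->errstr || 'unknown error')) unless ($LOG_LEVEL < $LOG_ERROR);
		$dbh->disconnect();
		return ();
	}

	my ($last_accessed, $uid, $pgtiou);
	$sth->bind_columns(\$last_accessed, \$uid, \$pgtiou);
	my $result = $sth->fetch();
	$sth->finish();
	$dbh->disconnect();

	if ($result) {
		# NOTE(review): at debug level this writes the session id and the
		# pgtiou to the server log; treat debug logs as sensitive, or redact
		# these values before enabling debug logging in production.
		Apache->warn("$$: CAS: get_session_data(): got session data for sid='$sid': last_accessed='$last_accessed' uid='$uid' pgtiou='$pgtiou'") unless ($LOG_LEVEL < $LOG_DEBUG);
		return ($sid, $last_accessed, $uid, $pgtiou);
	}
	# NOTE(review): $sid is echoed into the log unmodified; presumably it
	# originates from the client's cookie -- confirm it is validated upstream.
	Apache->warn("$$: CAS: get_session_data(): couldn't get session data for sid='$sid'") unless ($LOG_LEVEL < $LOG_DEBUG);
	return ();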

lib/Apache/AuthCAS.pm  view on Meta::CPAN


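	# Look up the proxy-granting ticket (pgt) stored for this pgtiou.  $pgtiou
	# is set by the enclosing sub before this point (not shown here).  Returns
	# the pgt when a row is found and the empty string on every other path.
	my $dbh = DBI->connect("dbi:$DB_DRIVER:dbname=$DB_NAME;host=$DB_HOST;port=$DB_PORT", $DB_USER, $DB_PASS, { AutoCommit => 1 });
	if (!defined($dbh)) {
		Apache->warn("$$: CAS: get_pgt(): db connect error: $DBI::errstr") unless ($LOG_LEVEL < $LOG_ERROR);
		return "";
	}

	# $pgtiou is supplied as a bind value and never becomes part of the SQL
	# text.  The table name is interpolated because identifiers cannot be
	# bound; NOTE(review): $DB_PGTIOU_TABLE must only come from trusted server
	# configuration -- confirm where it is set.
	my $sth = $dbh->prepare("SELECT pgt FROM $DB_PGTIOU_TABLE WHERE pgtiou=?;");

	# RaiseError is not requested in the connect attributes above, so
	# prepare() and execute() signal failure by returning a false value.
	# Report that at error level instead of letting it look like an ordinary
	# "no mapping" debug message (or dying on an undefined handle).
	if (!$sth || !$sth->execute($pgtiou)) {
		Apache->warn("$$: CAS: get_pgt(): db query error: " . ($dbh->errstr || 'unknown error')) unless ($LOG_LEVEL < $LOG_ERROR);
		$dbh->disconnect();
		return "";
	}

	my $pgt;
	$sth->bind_col(1, \$pgt);
	my $result = $sth->fetch();
	$sth->finish();
	$dbh->disconnect();

	if ($result) {
		# NOTE(review): at debug level this writes the pgt itself to the
		# server log.  A proxy-granting ticket is a credential, so debug logs
		# must be access-restricted, or the value redacted before debug
		# logging is enabled in production.
		Apache->warn("$$: CAS: get_pgt(): got pgtiou/pgt map pgtiou='$pgtiou' pgt='$pgt'") unless ($LOG_LEVEL < $LOG_DEBUG);
		return $pgt;
	}
	Apache->warn("$$: CAS: get_pgt(): coudln't get pgtiou/pgt map pgtiou='$pgtiou'") unless ($LOG_LEVEL < $LOG_DEBUG);
	return "";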


