liquid_feedback_frontend
changeset 224:bf735d8095aa beta32
Fixed security related bug, security tokens were exposed through trace output.
| author | bsw |
|---|---|
| date | Tue May 17 03:23:16 2011 +0200 (2011-05-17) |
| parents | bfd8d88f72fc |
| children | 6f3e5c56c514 |
| files | app/main/index/_action/reset_password.lua model/member.lua |
line diff
1.1 --- a/app/main/index/_action/reset_password.lua Sat Feb 05 19:47:35 2011 +0100 1.2 +++ b/app/main/index/_action/reset_password.lua Tue May 17 03:23:16 2011 +0200 1.3 @@ -1,3 +1,5 @@ 1.4 +trace.disable() 1.5 + 1.6 local secret = param.get("secret") 1.7 1.8 if not secret then
2.1 --- a/model/member.lua Sat Feb 05 19:47:35 2011 +0100 2.2 +++ b/model/member.lua Tue May 17 03:23:16 2011 +0200 2.3 @@ -313,6 +313,7 @@ 2.4 end 2.5 2.6 function Member.object:set_notify_email(notify_email) 2.7 + trace.disable() 2.8 local expiry = db:query("SELECT now() + '7 days'::interval as expiry", "object").expiry 2.9 self.notify_email_unconfirmed = notify_email 2.10 self.notify_email_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )