[pve-devel] r6040 - in pve-manager/pve2: lib/PVE www/new

svn-commits at proxmox.com svn-commits at proxmox.com
Mon May 30 08:52:14 CEST 2011


Author: dietmar
Date: 2011-05-30 08:52:14 +0200 (Mon, 30 May 2011)
New Revision: 6040

Modified:
   pve-manager/pve2/lib/PVE/REST.pm
   pve-manager/pve2/www/new/index.pl
Log:
fix CSRF code


Modified: pve-manager/pve2/lib/PVE/REST.pm
===================================================================
--- pve-manager/pve2/lib/PVE/REST.pm	2011-05-30 06:51:40 UTC (rev 6039)
+++ pve-manager/pve2/lib/PVE/REST.pm	2011-05-30 06:52:14 UTC (rev 6040)
@@ -304,7 +304,7 @@
 
 	    ($username, $age) = PVE::AccessControl::verify_ticket($ticket);
 
-	    PVE::AccessControl::verify_csrf_prevention_token($ticket, $token)
+	    PVE::AccessControl::verify_csrf_prevention_token($username, $token)
 		if ($euid != 0) && ($method ne 'GET');
 	};
 	if (my $err = $@) {
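Review bot: The CSRF check on the `+` line now depends on `$username`, so it is only meaningful if `verify_ticket($ticket)` dies on a bad ticket; a returned undef would be passed straight into `verify_csrf_prevention_token`, and that behaviour is not visible in this hunk. Binding the token to the user name rather than the ticket also means the token is no longer tied to one login session, so its lifetime presumably rests on whatever expiry the token itself carries. I would record both assumptions above the call, e.g. `# token is bound to the user name, not the ticket; verify_ticket() must die on an invalid ticket before we get here`. The check is still skipped for `$euid == 0` and for `GET`, so handlers reachable by GET need to stay free of side effects. The enclosing eval block starts outside the hunk.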

Modified: pve-manager/pve2/www/new/index.pl
===================================================================
--- pve-manager/pve2/www/new/index.pl	2011-05-30 06:51:40 UTC (rev 6039)
+++ pve-manager/pve2/www/new/index.pl	2011-05-30 06:52:14 UTC (rev 6040)
@@ -31,7 +31,7 @@
 if (my $cookie = $r->headers_in->{Cookie}) {
     my $ticket = PVE::REST::extract_auth_cookie($cookie);
     if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
-	$token = PVE::AccessControl::assemble_csrf_prevention_token($ticket);
+	$token = PVE::AccessControl::assemble_csrf_prevention_token($username);
     }
 }
 my $version = PVE::pvecfg::version() . "/" . PVE::pvecfg::repoid();
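Review bot: `$username = PVE::AccessControl::verify_ticket($ticket, 1)` is a scalar assignment, while REST.pm in this same commit takes `($username, $age)` from the same function in list context. Since the token is now derived from `$username`, REST.pm will only accept it if verify_ticket returns the user name (not the last list element) in scalar context; its body is not shown here, so please confirm. If it does not use `wantarray`, taking the first element explicitly would be safer: `my ($user) = PVE::AccessControl::verify_ticket($ticket, 1);` followed by `if (($username = $user)) {`.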



