[SCM] Debian Packaging for CAP::ProtectCSRF branch, master, updated. 0b082d12fcfe261a0ca2155fd2283992b929981c
Nicholas Bamber
nicholas at periapt.co.uk
Thu Nov 10 21:40:37 UTC 2011
The following commit has been merged in the master branch:
commit 63773b0f343e39cc458208ffde266403e1d332b6
Author: Nicholas Bamber <nicholas at periapt.co.uk>
Date: Thu Nov 10 08:28:28 2011 +0000
proof read man page
diff --git a/debian/patches/digest-sha.patch b/debian/patches/digest-sha.patch
index 63e8e6a..c94dc5d 100644
--- a/debian/patches/digest-sha.patch
+++ b/debian/patches/digest-sha.patch
@@ -62,7 +62,7 @@ Last-Update: 2011-11-07
our(
@@ -222,12 +222,6 @@
- =item csrf_error_mode - The L<CGI::Application> runmode name. This defaults to C<_csrf_error>.
+ =item B<csrf_error_mode> - The L<CGI::Application> runmode name. This defaults to C<_csrf_error>.
-=for comment
-
@@ -71,23 +71,18 @@ Last-Update: 2011-11-07
-
-=end comment
- =item csrf_error_tmpl - The HTML displayed in the event of a CSRF attack being
+ =item B<csrf_error_tmpl> - The HTML displayed in the event of a CSRF attack being
detected in the form of a scalarref or filepath or filehandle. One may
-@@ -237,13 +231,6 @@
- =item csrf_error_tmpl_param - A hashref of parameters to be placed in the
+@@ -237,7 +231,7 @@
+ =item B<csrf_error_tmpl_param> - A hashref of parameters to be placed in the
above template. See L<HTML::Template>.
-=for comment
--
--The Debian maintainer thinks other templating systems should work but is
--unlikely to experiment with this in the near future.
--
--=end comment
--
- =item csrf_id - The name of the session parameter used to store the CSRF ticket.This defaults to C<_csrf_id>.
++=begin comment
- =item csrf_post_only - If set non-POST requests to a run mode which is protected
-@@ -251,6 +238,17 @@
+ The Debian maintainer thinks other templating systems should work but is
+ unlikely to experiment with this in the near future.
+@@ -251,6 +245,17 @@
=back
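Review bot: the added `=begin comment` line in this hunk has no matching `=end comment` among the lines shown; the only `=end comment` lines visible are on the removed side. A `=begin` block without its `=end` swallows the POD that follows it, so confirm the closing directive survives in the nested hunk and run podchecker on the patched module before uploading.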
@@ -105,7 +100,7 @@ Last-Update: 2011-11-07
Example:
sub cgiapp_init {
-@@ -492,7 +490,7 @@
+@@ -492,7 +497,7 @@
L<Carp>,
L<CGI::Application>,
L<CGI::Application::Plugin::Session>,
diff --git a/debian/patches/suggested_english.patch b/debian/patches/suggested_english.patch
index 3fcf5d7..37e5dec 100644
--- a/debian/patches/suggested_english.patch
+++ b/debian/patches/suggested_english.patch
@@ -38,7 +38,7 @@ Last-Upate: 2011-11-09
+ticket, is added to the form during a postrun callback. Conversely the
+C<ProtectCSRF> attribute should normally be applied to the corresponding
+run modes that process data from a submitted form. A prerun callback checks
-+for a the hidden field and checks that it matches the ticket saved
++for the hidden field and checks that it matches the ticket saved
+in the session. If the check fails the page is redirected to a
+customizable error page. On success the form processing run mode should
+use the C<clear_csrf_id> method, so that subsequent calls to forms from that
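Review bot: the hunk header context shows the patch header field spelled `Last-Upate:`, while digest-sha.patch in the same commit has `Last-Update:`. Since this commit is a proofreading pass over suggested_english.patch, correct the field name here as well; tools that read the DEP-3 header will not recognise the misspelled key.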
@@ -77,11 +77,11 @@ Last-Upate: 2011-11-09
+
+=over
+
-+=item generate CSRF ticket and store it in the session;
++=item - generate CSRF ticket and store it in the session;
+
-+=item generate the form as per the module code;
++=item - generate the form as per the module code;
+
-+=item add a hidden element to the form publishing the CSRF ticket.
++=item - add a hidden element to the form publishing the CSRF ticket.
+
+=back
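Review bot: on the three changed `=item - ...` lines the hyphen becomes part of the item text rather than a list marker. perlpod documents `=item *` for bullets and `=item 1.` for numbered lists, with the text in the following paragraph; since these are sequential steps, numbered items would render more predictably across POD formatters.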
@@ -100,13 +100,13 @@ Last-Upate: 2011-11-09
+
+=over
+
-+=item verify that the submitted CSRF ticket matches the ticket saved in the
++=item - verify that the submitted CSRF ticket matches the ticket saved in the
+session. If there is any sort of issue with the ticket the page is
+redirected to a customizable error page;
+
-+=item the form is processed as per the module code;
++=item - the form is processed as per the module code;
+
-+=item the form should call the C<clear_csfr_id> method so that subsequent forms
++=item - the form should call the C<clear_csfr_id> method so that subsequent forms
+generate fresh tickets. The code does not do this because if the form validation
+fails it might be best to retain the same ticket.
+
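Review bot: the changed line `=item - the form should call the C<clear_csfr_id> method` still spells the method `clear_csfr_id`, whereas the description earlier in the same patch uses `C<clear_csrf_id>`. A reader copying the name from this list will call a method that does not exist and the ticket will never be cleared, so fix the spelling while the line is being touched. The `=item -` marker point from the previous list applies here too.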
@@ -146,10 +146,10 @@ Last-Upate: 2011-11-09
+
+=over
+
-+=item csrf_error_status - The HTTP status code that would be set on the
++=item B<csrf_error_status> - The HTTP status code that would be set on the
+CSRF error page if a CSRF attack is identified. It defaults to 200.
+
-+=item csrf_error_mode - The L<CGI::Application> runmode name. This defaults to C<_csrf_error>.
++=item B<csrf_error_mode> - The L<CGI::Application> runmode name. This defaults to C<_csrf_error>.
+
+=for comment
+
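Review bot: the `csrf_error_status` item documents the default of 200 without saying when to change it, and "would be set" reads as hypothetical. Suggest "is set" and one added sentence noting that this is the status returned when the ticket check fails, so a site that wants rejected requests to be distinguishable in access logs and monitoring can set a 4xx value such as 403.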
@@ -158,12 +158,12 @@ Last-Upate: 2011-11-09
+
+=end comment
+
-+=item csrf_error_tmpl - The HTML displayed in the event of a CSRF attack being
++=item B<csrf_error_tmpl> - The HTML displayed in the event of a CSRF attack being
+detected in the form of a scalarref or filepath or filehandle. One may
+consider L<HTML::Template> for inspiration on thse formats. The default is
+C<$CSRF_ERROR_TMPL> which is a scalarref.
+
-+=item csrf_error_tmpl_param - A hashref of parameters to be placed in the
++=item B<csrf_error_tmpl_param> - A hashref of parameters to be placed in the
+above template. See L<HTML::Template>.
+
+=for comment
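Review bot: the context line `consider L<HTML::Template> for inspiration on thse formats` still has the typo "thse", which this proofreading pass should pick up. In the same hunk `=end comment` appears alongside `=for comment`; `=for` only covers the single paragraph that follows it and `=end` needs a matching `=begin`, so these blocks should be opened with `=begin comment`.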
@@ -173,10 +173,10 @@ Last-Upate: 2011-11-09
+
+=end comment
+
-+=item csrf_id - The name of the session parameter used to store the CSRF ticket.This defaults to C<_csrf_id>.
++=item B<csrf_id> - The name of the session parameter used to store the CSRF ticket.This defaults to C<_csrf_id>.
-Option:
-+=item csrf_post_only - If set non-POST requests to a run mode which is protected
++=item B<csrf_post_only> - If set non-POST requests to a run mode which is protected
+by this module would be rejected. By default this is 0.
- csrf_error_status : CSRF error status code (default: 200)
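Review bot: the changed `csrf_id` line still reads `CSRF ticket.This defaults` with no space after the full stop, and the changed `csrf_post_only` line `If set non-POST requests to a run mode ...` needs a comma after "set" to parse on first reading. Suggest "If set, non-POST requests to a run mode which is protected by this module are rejected."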
--
Debian Packaging for CAP::ProtectCSRF