[DRE-commits] r4217 - trunk/redmine/debian/patches

Jérémy Lal kapouer-guest at alioth.debian.org
Mon Oct 5 00:07:10 UTC 2009 

Author: kapouer-guest
Date: 2009-10-05 00:07:08 +0000 (Mon, 05 Oct 2009)
New Revision: 4217

Added:
   trunk/redmine/debian/patches/02_sessions_store_active_record.patch
Log:
Forgot the patch file.

Added: trunk/redmine/debian/patches/02_sessions_store_active_record.patch
===================================================================
--- trunk/redmine/debian/patches/02_sessions_store_active_record.patch	                        (rev 0)
+++ trunk/redmine/debian/patches/02_sessions_store_active_record.patch	2009-10-05 00:07:08 UTC (rev 4217)
@@ -0,0 +1,37 @@
+By default, sessions are stored in cookies. Make them stored in database, this is more secure
+and it avoids bug #549453
+diff -Nur redmine-0.9.0~svn2903/config/environment.rb redmine-0.9.0~svn2903.new/config/environment.rb
+--- redmine-0.9.0~svn2903/config/environment.rb	2009-10-04 13:04:01.598551616 +0200
++++ redmine-0.9.0~svn2903.new/config/environment.rb	2009-10-04 13:06:05.202925674 +0200
+@@ -40,6 +40,11 @@
+ 
+   # Make Active Record use UTC-base instead of local time
+   # config.active_record.default_timezone = :utc
++
++  # Use the database for sessions instead of the cookie-based default,
++  # which shouldn't be used to store highly confidential information
++  # (create the session table with "rake db:sessions:create")
++  config.action_controller.session_store = :active_record_store
+   
+   # Use Active Record's schema dumper instead of SQL when creating the test database
+   # (enables use of different database adapters for development and test environments)
+diff -Nur redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb
+--- redmine-0.9.0~svn2903/db/migrate/20091003152210_create_sessions.rb	1970-01-01 01:00:00.000000000 +0100
++++ redmine-0.9.0~svn2903.new/db/migrate/20091003152210_create_sessions.rb	2009-10-04 13:00:44.498528973 +0200
+@@ -0,0 +1,16 @@
++class CreateSessions < ActiveRecord::Migration
++  def self.up
++    create_table :sessions do |t|
++      t.string :session_id, :null => false
++      t.text :data
++      t.timestamps
++    end
++
++    add_index :sessions, :session_id
++    add_index :sessions, :updated_at
++  end
++
++  def self.down
++    drop_table :sessions
++  end
++end

More information about the Pkg-ruby-extras-commits mailing list