[interchange-cvs] interchange - heins modified 3 files
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Fri Jan 30 12:35:03 EST 2004
User: heins
Date: 2004-01-30 17:35:03 GMT
Modified: lib/Vend Error.pm Dispatch.pm
Modified: code/SystemTag dump.coretag
Log:
* Define a set of CGI keys that we don't want to save to disk, as
@Global::HideCGI.
* Allow [dump no-cgi=1 no-session=1 no-env=1] to finetune dump.
* Don't show sensitive (i.e. @Global::HideCGI) CGI variables in a dump.
This allows saving a session to disk for diagnositic purposes in case
of order failure.
* This will be backpatched.
Revision Changes Path
2.8 +27 -14 interchange/lib/Vend/Error.pm
rev 2.8, prev_rev 2.7
Index: Error.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Error.pm,v
retrieving revision 2.7
retrieving revision 2.8
diff -u -r2.7 -r2.8
--- Error.pm 18 Jun 2003 17:34:44 -0000 2.7
+++ Error.pm 30 Jan 2004 17:35:03 -0000 2.8
@@ -1,6 +1,6 @@
# Vend::Error - Handle Interchange error pages and messages
#
-# $Id: Error.pm,v 2.7 2003/06/18 17:34:44 jon Exp $
+# $Id: Error.pm,v 2.8 2004/01/30 17:35:03 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 1996-2002 Red Hat, Inc.
@@ -38,7 +38,7 @@
use vars qw/$VERSION/;
-$VERSION = substr(q$Revision: 2.7 $, 10);
+$VERSION = substr(q$Revision: 2.8 $, 10);
sub get_locale_message {
my ($code, $message, @arg) = @_;
@@ -111,6 +111,7 @@
sub full_dump {
my $portion = shift;
+ my $opt = shift || {};
my $out = '';
if($portion) {
$out .= "###### SESSION ($portion) #####\n";
@@ -122,20 +123,32 @@
$out = minidump();
local($Data::Dumper::Indent) = 2;
- $out .= "###### ENVIRONMENT #####\n";
- if(my $h = ::http()) {
- $out .= uneval($h->{env});
+ unless ($opt->{no_env}) {
+ $out .= "###### ENVIRONMENT #####\n";
+ if(my $h = ::http()) {
+ $out .= uneval($h->{env});
+ }
+ else {
+ $out .= uneval(\%ENV);
+ }
+ $out .= "\n###### END ENVIRONMENT #####\n";
}
- else {
- $out .= uneval(\%ENV);
+ unless($opt->{no_cgi}) {
+ my %cgi = %CGI::values;
+ unless($opt->{show_all}) {
+ for(@Global::HideCGI) {
+ delete $cgi{$_};
+ }
+ }
+ $out .= "###### CGI VALUES #####\n";
+ $out .= uneval(\%cgi);
+ $out .= "\n###### END CGI VALUES #####\n";
+ }
+ unless($opt->{no_session}) {
+ $out .= "###### SESSION #####\n";
+ $out .= uneval($Vend::Session);
+ $out .= "\n###### END SESSION #####\n";
}
- $out .= "\n###### END ENVIRONMENT #####\n";
- $out .= "###### CGI VALUES #####\n";
- $out .= uneval(\%CGI::values);
- $out .= "\n###### END CGI VALUES #####\n";
- $out .= "###### SESSION #####\n";
- $out .= uneval($Vend::Session);
- $out .= "\n###### END SESSION #####\n";
$out =~ s/\0/\\0/g;
return $out;
}
1.29 +12 -2 interchange/lib/Vend/Dispatch.pm
rev 1.29, prev_rev 1.28
Index: Dispatch.pm
===================================================================
RCS file: /var/cvs/interchange/lib/Vend/Dispatch.pm,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- Dispatch.pm 6 Dec 2003 22:52:36 -0000 1.28
+++ Dispatch.pm 30 Jan 2004 17:35:03 -0000 1.29
@@ -1,6 +1,6 @@
# Vend::Dispatch - Handle Interchange page requests
#
-# $Id: Dispatch.pm,v 1.28 2003/12/06 22:52:36 mheins Exp $
+# $Id: Dispatch.pm,v 1.29 2004/01/30 17:35:03 mheins Exp $
#
# Copyright (C) 2002-2003 Interchange Development Group
# Copyright (C) 2002 Mike Heins <mike at perusion.net>
@@ -26,7 +26,7 @@
package Vend::Dispatch;
use vars qw($VERSION);
-$VERSION = substr(q$Revision: 1.28 $, 10);
+$VERSION = substr(q$Revision: 1.29 $, 10);
use POSIX qw(strftime);
use Vend::Util;
@@ -152,6 +152,16 @@
if defined $extra;
}
}
+
+## This is the set of variables we don't want to dump or save in
+## sessions for security reasons.
+ at Global::HideCGI = qw(
+ mv_password
+ mv_verify
+ mv_password_old
+ mv_credit_card_number
+ mv_credit_card_cvv2
+ );
# This is the set of CGI-passed variables to ignore, in other words
# never set in the user session. If set in the mv_check pass, though,
1.2 +1 -0 interchange/code/SystemTag/dump.coretag
rev 1.2, prev_rev 1.1
Index: dump.coretag
===================================================================
RCS file: /var/cvs/interchange/code/SystemTag/dump.coretag,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- dump.coretag 29 Jan 2002 05:52:38 -0000 1.1
+++ dump.coretag 30 Jan 2004 17:35:03 -0000 1.2
@@ -1,3 +1,4 @@
UserTag dump Order key
+UserTag dump addAttr
UserTag dump PosNumber 1
UserTag dump MapRoutine ::full_dump
More information about the interchange-cvs
mailing list