changeset 5472:bba0ab704aa9

backport of moin/1.9 cs 5469:cce24183de9e, improve ticketing security
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 01 Feb 2010 01:31:15 +0100
parents a8c445a6d37e
children 0eab7483b474
files MoinMoin/wikiutil.py
diffstat 1 files changed, 10 insertions(+), 0 deletions(-) [+]
--- a/MoinMoin/wikiutil.py	Tue Dec 15 05:46:53 2009 +0100
+++ b/MoinMoin/wikiutil.py	Mon Feb 01 01:31:15 2010 +0100
@@ -2452,6 +2452,16 @@
     digest = sha.new(request.cfg.secrets)
     digest.update(ticket)
 
+    if request.session:
+        sid = request.session.name
+    else:
+        sid = 'None'
+    if request.user.valid:
+        uid = request.user.id
+    else:
+        uid = 'None'
+    digest.update(sid+uid)
+
     return "%s.%s" % (ticket, digest.hexdigest())
 
 def checkTicket(request, ticket):
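Review bot: `digest.update(sid+uid)` joins the session name and the user id with no separator, so two different (sid, uid) pairs that concatenate to the same string yield the same ticket digest. The `'None'` placeholder is likewise indistinguishable from a real identifier with that value. Feeding the fields with a delimiter that cannot occur in either value, for example `digest.update('%s\0%s' % (sid, uid))`, makes the binding unambiguous. Separately, the MAC is built as a plain SHA-1 over the secret followed by the data (`sha.new(request.cfg.secrets)` plus `update` calls); that predates this change, but the standard `hmac` module with the same secret would be the sturdier keyed construction for a follow-up. The enclosing function starts above the hunk and the body of `checkTicket` is not visible, so it cannot be confirmed from here that verification recomputes the digest with the same session and user values.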