RT# 80624 Browser check repeats if session changes

author Mitch Jackson <mitch@freeside.biz>

Thu, 13 Sep 2018 04:44:54 +0000 (00:44 -0400)

committer Mitch Jackson <mitch@freeside.biz>

Thu, 20 Sep 2018 21:10:04 +0000 (17:10 -0400)
author Mitch Jackson <mitch@freeside.biz>
Thu, 13 Sep 2018 04:44:54 +0000 (00:44 -0400)
committer Mitch Jackson <mitch@freeside.biz>
Thu, 20 Sep 2018 21:10:04 +0000 (17:10 -0400)
diff --git a/httemplate/misc/edge_browser_check-header.html b/httemplate/misc/edge_browser_check-header.html

index e7666ae..a88962b 100644 (file)
--- a/httemplate/misc/edge_browser_check-header.html
+++ b/httemplate/misc/edge_browser_check-header.html
@@ -18,7 +18,10 @@
    </script>
  % }
  <%init>
-my $curuser = $FS::CurrentUser::CurrentUser;
+my $curuser    = $FS::CurrentUser::CurrentUser;
+my $session    = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
+
  my $cgi = FS::UID::cgi();
  my $DEBUG = 0;
  
@@ -26,7 +29,8 @@ my $do_check = 0;
  $do_check = 1
    if $curuser
    && !$cgi->param('edge_browser_check')
-  && $curuser->get_pref('edge_bug_vulnerable') ne 'N';
+  && $sessionkey
+  && $curuser->get_pref('edge_bug_vulnerable') ne $sessionkey;
  
  my $force_redirect = $curuser->get_pref('edge_bug_vulnerable') eq 'Y' ? 1 : 0;
-</%init>
-\ No newline at end of file
+</%init>
diff --git a/httemplate/misc/edge_browser_check-iframe.html b/httemplate/misc/edge_browser_check-iframe.html

index e804fc6..61ae9a0 100644 (file)
--- a/httemplate/misc/edge_browser_check-iframe.html
+++ b/httemplate/misc/edge_browser_check-iframe.html
@@ -19,16 +19,15 @@
  <%init>
  my $cgi = FS::UID::cgi();
  my $curuser = $FS::CurrentUser::CurrentUser;
+my $session = $FS::CurrentUser::CurrentSession;
+my $sessionkey = $session->sessionkey if $session;
  
  if ( $curuser ) {
    my $canary = $cgi->param('edge_browser_canary');
    $curuser->set_pref(
      'edge_bug_vulnerable',
  
-    $canary eq 'test' ? 'Y' : 'Y',
-
-    # Don't test this user's session for the next 10m
-    time() + 600,
+    $canary eq 'test' ? $sessionkey : 'Y',
    );
  }
author	Mitch Jackson <mitch@freeside.biz>
	Thu, 13 Sep 2018 04:44:54 +0000 (00:44 -0400)
committer	Mitch Jackson <mitch@freeside.biz>
	Thu, 20 Sep 2018 21:10:04 +0000 (17:10 -0400)
httemplate/misc/edge_browser_check-header.html		patch \| blob \| history
httemplate/misc/edge_browser_check-iframe.html		patch \| blob \| history