diff options
author | Daniel Friesel <daniel.friesel@uos.de> | 2023-03-03 15:05:43 +0100 |
---|---|---|
committer | Daniel Friesel <daniel.friesel@uos.de> | 2023-03-03 15:05:43 +0100 |
commit | 2406fc4efeade10fa9836cf43dbc720d128a3ca1 (patch) | |
tree | 44286aacad42d6ce2ee18b3d9bff4518e3098195 | |
parent | b725d7d52cd631f1623012f167599dc08a8639c7 (diff) |
token: do not expose full checkin timestamp
-rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 4 | ||||
-rw-r--r-- | templates/_checked_in.html.ep | 2 | ||||
-rw-r--r-- | templates/journey.html.ep | 2 |
3 files changed, 4 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index fcc95ed..8cf1722 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -471,7 +471,7 @@ sub status_token_ok { $ts2 //= $ts2_ext; if ( $eva == $status->{dep_eva} - and $ts == $status->{timestamp}->epoch + and $ts == $status->{timestamp}->epoch % 337 and $ts2 == $status->{sched_departure}->epoch ) { return 1; @@ -491,7 +491,7 @@ sub journey_token_ok { $ts2 //= $ts2_ext; if ( $eva == $journey->{from_eva} - and $ts == $journey->{checkin_ts} + and $ts == $journey->{checkin_ts} % 337 and $ts2 == $journey->{sched_dep_ts} ) { return 1; diff --git a/templates/_checked_in.html.ep b/templates/_checked_in.html.ep index 8e1fd1d..0ead240 100644 --- a/templates/_checked_in.html.ep +++ b/templates/_checked_in.html.ep @@ -286,7 +286,7 @@ data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>" % } % elsif ($journey_visibility eq 'travelynx' or $journey_visibility eq 'unlisted') { - data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch %>" + data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch % 337 %>" % } > <i class="material-icons left" aria-hidden="true">share</i> Teilen diff --git a/templates/journey.html.ep b/templates/journey.html.ep index ee5d008..6ed204f 100644 --- a/templates/journey.html.ep +++ b/templates/journey.html.ep @@ -250,7 +250,7 @@ data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>" % } % else { - data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} %>-<%= $journey->{sched_dep_ts} %>" + data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} % 337 %>-<%= $journey->{sched_dep_ts} %>" % } data-text="<%= stash('share_text') %>" > |