author | lbr <lbr@FreeBSD.org> | 2007-06-19 20:34:00 +0800 |
---|---|---|
committer | lbr <lbr@FreeBSD.org> | 2007-06-19 20:34:00 +0800 |
commit | 5d2569cfdfb6a7b7e0f06d68cf5f4ad41f3a1830 (patch) | |
tree | d7ce35d3ef26d907757068ec1f1b875e242dae21 | |
parent | 1d75ae5408375951899c586c8e35be309a2228d6 (diff) | |
FormCanary will examine your outgoing HTML and add a canary value to
each form. When the form is submitted, the value of the canary is
compared against one saved in the session at page generation time. If the
canary that's sent doesn't match the one in the session (or there is no
canary at all), the request is halted.
There is no way to get params into your application without a correct
canary. This is good for preventing "cross-site request attacks".
This module is compatible with FormBuilder. Just drop it into your use
line and have secure submit-once-only forms. Yay.
Inspired by:
http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.aspx
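
The canary scheme the commit message describes, as a stand-alone Perl sketch added here (it is not FormCanary's source and does not use its API). The field name `_canary`, the `canaries` session key and the helper names are assumptions, and a plain hash stands in for the session.

```perl
use strict;
use warnings;

# Hypothetical helper: 128 random bits from the kernel CSPRNG, hex-encoded.
sub new_canary {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read $fh, my $buf, 16;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    close $fh;
    return unpack 'H*', $buf;
}

# Page generation: add a hidden canary field to every <form> in the outgoing
# HTML and record the value in the session. A regex is enough for this sketch;
# real markup needs an HTML parser.
sub add_canaries {
    my ($session, $html) = @_;
    $html =~ s{(<form\b[^>]*>)}{
        my $c = new_canary();
        $session->{canaries}{$c} = 1;
        qq{$1<input type="hidden" name="_canary" value="$c">};
    }gie;
    return $html;
}

# Submission: accept only a canary issued to this session, and delete it on
# use so the same form cannot be submitted a second time.
sub check_canary {
    my ($session, $params) = @_;
    my $sent = $params->{_canary};
    return 0 unless defined $sent && !ref $sent && length $sent;
    return delete $session->{canaries}{$sent} ? 1 : 0;
}

# Constructed demo: one page rendered for session A, one for session B.
my (%session_a, %session_b);
my $page = add_canaries(\%session_a, '<form action="/save" method="post"></form>');
my ($own) = $page =~ /name="_canary" value="([0-9a-f]{32})"/;
add_canaries(\%session_b, '<form action="/other"></form>');
my ($foreign) = keys %{ $session_b{canaries} };

my @cases = (
    [ 'no canary',               {} ],
    [ 'canary from session B',   { _canary => $foreign } ],
    [ 'own canary, first use',   { _canary => $own } ],
    [ 'own canary, second use',  { _canary => $own } ],
);
for my $case (@cases) {
    my ($label, $params) = @$case;
    printf "%-24s accepted=%d\n", $label, check_canary(\%session_a, $params);
}
```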
-rw-r--r-- | www/Makefile | 1 | ||||
-rw-r--r-- | www/p5-Catalyst-Plugin-FormCanary/Makefile | 32 | ||||
-rw-r--r-- | www/p5-Catalyst-Plugin-FormCanary/distinfo | 3 | ||||
-rw-r--r-- | www/p5-Catalyst-Plugin-FormCanary/pkg-descr | 16 | ||||
-rw-r--r-- | www/p5-Catalyst-Plugin-FormCanary/pkg-plist | 7 |
5 files changed, 59 insertions, 0 deletions
diff --git a/www/Makefile b/www/Makefile index 7bc5b2a0b1d3..54acc420b03f 100644 --- a/www/Makefile +++ b/www/Makefile @@ -620,6 +620,7 @@ SUBDIR += p5-Catalyst-Plugin-DefaultEnd SUBDIR += p5-Catalyst-Plugin-FillInForm SUBDIR += p5-Catalyst-Plugin-FormBuilder + SUBDIR += p5-Catalyst-Plugin-FormCanary SUBDIR += p5-Catalyst-Plugin-FormValidator SUBDIR += p5-Catalyst-Plugin-FormValidator-Simple SUBDIR += p5-Catalyst-Plugin-HTML-Widget diff --git a/www/p5-Catalyst-Plugin-FormCanary/Makefile b/www/p5-Catalyst-Plugin-FormCanary/Makefile new file mode 100644 index 000000000000..f79119fda5dd --- /dev/null +++ b/www/p5-Catalyst-Plugin-FormCanary/Makefile @@ -0,0 +1,32 @@ +# Ports collection makefile for: p5-Catalyst-Plugin-FormCanary +# Date created: Jun 19, 2007 +# Whom: Lars Balker Rasmussen <lbr@FreeBSD.org> +# +# $FreeBSD$ +# + +PORTNAME= Catalyst-Plugin-FormCanary +PORTVERSION= 0.01 +CATEGORIES= www perl5 +MASTER_SITES= CPAN +PKGNAMEPREFIX= p5- + +MAINTAINER= lbr@FreeBSD.org +COMMENT= Check that forms are submitted from your site + +BUILD_DEPENDS= ${RUN_DEPENDS} +RUN_DEPENDS= p5-Catalyst-Runtime>=0:${PORTSDIR}/www/p5-Catalyst-Runtime \ + p5-Catalyst-Plugin-Session>=0:${PORTSDIR}/www/p5-Catalyst-Plugin-Session + +PERL_CONFIGURE= yes + +MAN3= Catalyst::Plugin::FormCanary.3 + +post-extract: + @${PERL} -i.bak -ne 'print unless m,build_requires,' ${WRKSRC}/Makefile.PL + +.include <bsd.port.pre.mk> +.if ${PERL_LEVEL} < 500801 +IGNORE= requires at least Perl 5.8.1. Install lang/perl5.8, and try again +.endif +.include <bsd.port.post.mk> diff --git a/www/p5-Catalyst-Plugin-FormCanary/distinfo b/www/p5-Catalyst-Plugin-FormCanary/distinfo new file mode 100644 index 000000000000..c9324ed12b96 --- /dev/null +++ b/www/p5-Catalyst-Plugin-FormCanary/distinfo 
@@ -0,0 +1,3 @@ +MD5 (Catalyst-Plugin-FormCanary-0.01.tar.gz) = b117620e80e2d4e4b6f9d04b07adef46 +SHA256 (Catalyst-Plugin-FormCanary-0.01.tar.gz) = 9e4ff6a82b152b87ee0cb72ded9acfe2a7052918b7ce9caa068676f262421169 +SIZE (Catalyst-Plugin-FormCanary-0.01.tar.gz) = 27084 diff --git a/www/p5-Catalyst-Plugin-FormCanary/pkg-descr b/www/p5-Catalyst-Plugin-FormCanary/pkg-descr new file mode 100644 index 000000000000..7dc6451ec692 --- /dev/null +++ b/www/p5-Catalyst-Plugin-FormCanary/pkg-descr @@ -0,0 +1,16 @@ +FormCanary will examine your outgoing HTML and add a canary value to +each form. When the form is submitted, the value of the canary is com- +pared against one saved in the session at page generation time. If the +canary that's sent doesn't match the one in the session (or there is no +canary at all), the request is halted. + +There is no way to get params into your application without a correct +canary. This is good for preventing "cross-site request attacks". + +This module is compatible with FormBuilder. Just drop it into your use +line and have secure submit-once-only forms. Yay. + +Inspired by: +http://www.25hoursaday.com/weblog/2007/06/05/WhatRubyOnRailsCanLearnFromASPNET.aspx + +WWW: http://search.cpan.org/dist/Catalyst-Plugin-FormCanary/ diff --git a/www/p5-Catalyst-Plugin-FormCanary/pkg-plist b/www/p5-Catalyst-Plugin-FormCanary/pkg-plist new file mode 100644 index 000000000000..a73ec7efe0ff --- /dev/null +++ b/www/p5-Catalyst-Plugin-FormCanary/pkg-plist @@ -0,0 +1,7 @@ +%%SITE_PERL%%/Catalyst/Plugin/FormCanary.pm +%%SITE_PERL%%/%%PERL_ARCH%%/auto/Catalyst/Plugin/FormCanary/.packlist +@dirrmtry %%SITE_PERL%%/Catalyst/Plugin +@dirrmtry %%SITE_PERL%%/Catalyst +@dirrmtry %%SITE_PERL%%/%%PERL_ARCH%%/auto/Catalyst/Plugin/FormCanary +@dirrmtry %%SITE_PERL%%/%%PERL_ARCH%%/auto/Catalyst/Plugin +@dirrmtry %%SITE_PERL%%/%%PERL_ARCH%%/auto/Catalyst |
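Review bot: In www/p5-Catalyst-Plugin-FormCanary/Makefile, the post-extract target deletes every line matching build_requires from Makefile.PL with no comment saying why, so whatever build-time requirements upstream declared are silently dropped rather than satisfied. Either list those modules in BUILD_DEPENDS or add a one-line comment above post-extract naming what is removed and why that is safe. Note also that -i.bak leaves a Makefile.PL.bak behind in WRKSRC.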
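Review bot: In www/p5-Catalyst-Plugin-FormCanary/distinfo, the SHA256 line is the only entry that should be relied on to detect a tampered Catalyst-Plugin-FormCanary-0.01.tar.gz; the MD5 value is not collision-resistant and should not be treated as an integrity check on its own. Since MASTER_SITES is CPAN mirrors, it is worth confirming that the SHA256 and SIZE values were generated from a tarball whose origin was checked independently of the mirror it was fetched from.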
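Review bot: In www/p5-Catalyst-Plugin-FormCanary/pkg-descr, "cross-site request attacks" is not the term users will search for, and "There is no way to get params into your application without a correct canary" is an absolute claim for a 0.01 release whose check, by the same text, depends on a value saved in the session. Suggest naming cross-site request forgery (CSRF) explicitly, saying that session support is required (it is already in RUN_DEPENDS as p5-Catalyst-Plugin-Session), and rewrapping the lines that split "com-" and "pared" so the word is not broken in the installed description.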