authorJoey Hess <joeyh@joeyh.name>2017-08-23 13:13:23 -0400
committerJoey Hess <joeyh@joeyh.name>2017-08-23 13:13:23 -0400
commite3dfb26b904edb4645fee4b43e93a6d54e2e8041 (patch)
treec350e1fd5bd8739f92d865e1ab56ab9d72b016c7
parent056349a7f0cf3dd470cdd9633b7fe955fb03268f (diff)
emailauth, passwordauth: Avoid leaving cgisess_* files in the system temp directory.
Due to the use/abuse of CGI::Session to generate a token for the login process, a new session database was created for each login, and left behind afterwards. While each file is small, with many logins this could bloat the size of /tmp significantly. Fixed by making CGI::Session write to /dev/null, since there does not seem to be a way to entirely prevent the writing. This commit was sponsored by Henrik Riomar on Patreon.
-rw-r--r--IkiWiki/Plugin/emailauth.pm2
-rw-r--r--IkiWiki/Plugin/passwordauth.pm2
-rw-r--r--debian/changelog4
3 files changed, 6 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/emailauth.pm b/IkiWiki/Plugin/emailauth.pm
index 6674fe3d6..9c595dc86 100644
--- a/IkiWiki/Plugin/emailauth.pm
+++ b/IkiWiki/Plugin/emailauth.pm
@@ -148,7 +148,7 @@ sub gentoken ($$) {
my $session=shift;
eval q{use CGI::Session};
error($@) if $@;
- my $token = CGI::Session->new->id;
+ my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
IkiWiki::userinfo_set($email, "emailauth", $token);
IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
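Review bot: The added line calls `->id` directly on the result of `CGI::Session->new(...)`, which returns undef when the driver cannot be loaded or initialised, and this change makes DB_File a requirement where the default file driver was used before. A failure would then surface as a "Can't call method" die rather than a readable error; `my $s = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"}) or error(CGI::Session->errstr);` followed by `my $token = $s->id;` would keep it clean. The identical line in passwordauth.pm's gentoken has the same gap. A one-line comment such as `# session store is /dev/null: we only want the id, not a cgisess_* file` would also explain the odd arguments. gentoken's body starts and ends outside the hunk.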
diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index 33b8efbed..8d99cf2f6 100644
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -113,7 +113,7 @@ sub gentoken ($$;$) {
eval q{use CGI::Session};
error($@) if $@;
- my $token = CGI::Session->new->id;
+ my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
if (! $reversable) {
setpassword($user, $token, $tokenfield);
}
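Review bot: The token on the added line is still whatever CGI::Session's ID generator produces, and the following lines hand it to `setpassword` as a credential. As far as I know the default generator hashes the process id, the current time and `rand()` with MD5, which is built to give unique session ids rather than unguessable secrets, so this should be confirmed against the installed CGI::Session version. Drawing the token from the OS random source (for example reading 16 bytes from `/dev/urandom` and hex-encoding them) would give a stronger token and remove the need for a throwaway session store. The same applies to gentoken in emailauth.pm, where the token gates the e-mail login link. gentoken's body starts and ends outside the hunk.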
diff --git a/debian/changelog b/debian/changelog
index 9c114bc3a..55a55bba0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,10 @@ ikiwiki (3.20170623) UNRELEASED; urgency=medium
* core: Don't decode the result of strftime if it is already tagged as
UTF-8, as it might be since Perl >= 5.21.1. (Closes: #869240)
+ [ Joey Hess ]
+ * emailauth, passwordauth: Avoid leaving cgisess_* files in the
+ system temp directory.
+
-- Joey Hess <id@joeyh.name> Tue, 11 Jul 2017 15:48:39 -0400
ikiwiki (3.20170622) unstable; urgency=medium