@@ -1,3 +1,7 @@
+# This Build.PL for Plack-Middleware-Session was generated by Dist::Zilla::Plugin::ModuleBuildTiny 0.007.
+use strict;
+use warnings;
+
use 5.006;
-use Module::Build::Tiny 0.030;
+use Module::Build::Tiny 0.037;
Build_PL();
@@ -1,5 +1,16 @@
Revision history for Perl extension Plack::Middleware::Session
+0.24 2014-09-05 04:47:55 PDT
+ - same as 0.23. not dev release
+
+0.23 2014-08-11 10:22:40 PDT
+ - Changed the warning to error, when secret is not set.
+
+0.22 2014-08-11 10:16:51 PDT
+ - Document the vunlerability of using this middleware without secret, and
+ warn when secret is not set on the runtime. In the next release the default
+ will be changed to require the secret. (mala)
+
0.21 2013-10-12 11:41:37 PDT
- use Cookie::Baker (kazeburo)
@@ -22,7 +22,7 @@ This is free software, licensed under:
Version 1, February 1989
Copyright (C) 1989 Free Software Foundation, Inc.
- 51 Franklin St, Suite 500, Boston, MA 02110-1335 USA
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
@@ -1,3 +1,4 @@
+# This file was automatically generated by Dist::Zilla::Plugin::Manifest v5.020.
Build.PL
Changes
LICENSE
@@ -4,7 +4,7 @@
"Tatsuhiko Miyagawa"
],
"dynamic_config" : 0,
- "generated_by" : "Dist::Milla version v1.0.4, Dist::Zilla version 4.300039, CPAN::Meta::Converter version 2.132830",
+ "generated_by" : "Dist::Milla version v1.0.5, Dist::Zilla version 5.020, CPAN::Meta::Converter version 2.142060",
"license" : [
"perl_5"
],
@@ -26,7 +26,7 @@
"prereqs" : {
"configure" : {
"requires" : {
- "Module::Build::Tiny" : "0.030"
+ "Module::Build::Tiny" : "0.037"
}
},
"develop" : {
@@ -64,7 +64,7 @@
"web" : "https://github.com/stevan/plack-middleware-session"
}
},
- "version" : "0.21",
+ "version" : "0.24",
"x_contributors" : [
"Graham Knop <haarg@haarg.org>",
"Lee Aylward <lee@laylward.com>",
@@ -3,19 +3,19 @@ abstract: 'Middleware for session management'
author:
- 'Tatsuhiko Miyagawa'
build_requires:
- HTTP::Cookies: 0
- LWP::UserAgent: 0
- Test::Fatal: 0.006
- Test::More: 0.88
- Test::Requires: 0
+ HTTP::Cookies: '0'
+ LWP::UserAgent: '0'
+ Test::Fatal: '0.006'
+ Test::More: '0.88'
+ Test::Requires: '0'
configure_requires:
- Module::Build::Tiny: 0.030
+ Module::Build::Tiny: '0.037'
dynamic_config: 0
-generated_by: 'Dist::Milla version v1.0.4, Dist::Zilla version 4.300039, CPAN::Meta::Converter version 2.132830'
+generated_by: 'Dist::Milla version v1.0.5, Dist::Zilla version 5.020, CPAN::Meta::Converter version 2.142060'
license: perl
meta-spec:
url: http://module-build.sourceforge.net/META-spec-v1.4.html
- version: 1.4
+ version: '1.4'
name: Plack-Middleware-Session
no_index:
directory:
@@ -26,15 +26,15 @@ no_index:
- eg
- examples
requires:
- Cookie::Baker: 0
- Digest::HMAC_SHA1: 1.03
- Digest::SHA1: 0
- Plack: 0.9910
+ Cookie::Baker: '0'
+ Digest::HMAC_SHA1: '1.03'
+ Digest::SHA1: '0'
+ Plack: '0.9910'
resources:
bugtracker: https://github.com/stevan/plack-middleware-session/issues
homepage: https://github.com/stevan/plack-middleware-session
repository: https://github.com/stevan/plack-middleware-session.git
-version: 0.21
+version: '0.24'
x_contributors:
- 'Graham Knop <haarg@haarg.org>'
- 'Lee Aylward <lee@laylward.com>'
@@ -16,6 +16,9 @@ use Plack::Session::State::Cookie;
sub prepare_app {
my $self = shift;
+ die "Plack::Session::Middleware::Cookie requires setting 'secret' option."
+ unless $self->secret;
+
$self->session_key("plack_session") unless $self->session_key;
$self->serializer(sub {MIME::Base64::encode(Storable::nfreeze($_[0]), '' )})
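Review bot: The added `die` in prepare_app names `Plack::Session::Middleware::Cookie`, which looks like a transposition of the real package name (presumably `Plack::Middleware::Session::Cookie`; the package line is outside this hunk), so an operator who searches for the error text will not find the module. I would change it to `die "Plack::Middleware::Session::Cookie requires setting the 'secret' option."`. The guard is also a plain truthiness test, so a one-character secret satisfies it. Because the default serializer on the following line is Storable-based, the HMAC key is the only thing keeping client-supplied cookie bytes away from the deserializer, so a comment above the check such as `# secret is the HMAC key; use a long random value, not a short or shared string` would help. prepare_app continues past the end of the hunk, so the deserializer default is not visible here.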
@@ -116,6 +119,11 @@ Server side secret to sign the session data using HMAC SHA1. Defaults
to nothing (i.e. do not sign) but B<strongly recommended> to set your
own secret string.
+Unless you use your own serializer/deserializer, running this
+middleware without setting a secret is vulnerable to arbitrary code
+execution. B<In the future release it will be required to set the
+secret>.
+
=item session_key, domain, expires, path, secure, httponly
Accessors for the cookie attributes. See
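Review bot: The POD for `secret` now contradicts the code. The context lines still say it "Defaults to nothing (i.e. do not sign)" and the added paragraph says it will be required "In the future release", but the prepare_app hunk in this same change dies when `secret` is unset and the Changes entry for 0.23 records the switch from warning to error. I would reword the item to state the current behaviour, for example `B<Required.> prepare_app dies if no secret is set.`, followed by the existing explanation that an unsigned cookie reaches the default deserializer unverified and allows arbitrary code execution. It is also worth one sentence that supplying a custom serializer/deserializer does not lift the requirement, since the new check is unconditional.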
@@ -2,7 +2,7 @@ package Plack::Middleware::Session;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Plack::Util;
@@ -2,7 +2,7 @@ package Plack::Session::State::Cookie;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use parent 'Plack::Session::State';
@@ -2,7 +2,7 @@ package Plack::Session::State;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Digest::SHA1 ();
@@ -2,7 +2,7 @@ package Plack::Session::Store::Cache;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Scalar::Util qw[ blessed ];
@@ -2,7 +2,7 @@ package Plack::Session::Store::File;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Storable ();
@@ -2,7 +2,7 @@ package Plack::Session::Store::Null;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
sub new { bless {} => shift }
@@ -2,7 +2,7 @@ package Plack::Session::Store;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Plack::Util::Accessor qw[ _stash ];
@@ -2,7 +2,7 @@ package Plack::Session;
use strict;
use warnings;
-our $VERSION = '0.21';
+our $VERSION = '0.24';
our $AUTHORITY = 'cpan:STEVAN';
use Plack::Util::Accessor qw( session options );
@@ -7,9 +7,8 @@ BEGIN {
}
}
+# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests.
use Test::More;
-
-eval "use Test::Pod 1.41";
-plan skip_all => "Test::Pod 1.41 required for testing POD" if $@;
+use Test::Pod 1.41;
all_pod_files_ok();