The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
Build.PL 15
Changes 011
LICENSE 11
MANIFEST 01
META.json 33
META.yml 1313
lib/Plack/Middleware/Session/Cookie.pm 08
lib/Plack/Middleware/Session.pm 11
lib/Plack/Session/State/Cookie.pm 11
lib/Plack/Session/State.pm 11
lib/Plack/Session/Store/Cache.pm 11
lib/Plack/Session/Store/File.pm 11
lib/Plack/Session/Store/Null.pm 11
lib/Plack/Session/Store.pm 11
lib/Plack/Session.pm 11
t/release-pod-syntax.t 32
16 files changed (This is a version diff) 2952
@@ -1,3 +1,7 @@
+# This Build.PL for Plack-Middleware-Session was generated by Dist::Zilla::Plugin::ModuleBuildTiny 0.007.
+use strict;
+use warnings;
+
 use 5.006;
-use Module::Build::Tiny 0.030;
+use Module::Build::Tiny 0.037;
 Build_PL();
@@ -1,5 +1,16 @@
 Revision history for Perl extension Plack::Middleware::Session
 
+0.24  2014-09-05 04:47:55 PDT
+        - same as 0.23. not dev release
+
+0.23  2014-08-11 10:22:40 PDT
+        - Changed the warning to error, when secret is not set.
+
+0.22  2014-08-11 10:16:51 PDT
+        - Document the vunlerability of using this middleware without secret, and
+          warn when secret is not set on the runtime. In the next release the default
+          will be changed to require the secret. (mala)
+
 0.21  2013-10-12 11:41:37 PDT
         - use Cookie::Baker (kazeburo)
 
@@ -22,7 +22,7 @@ This is free software, licensed under:
                      Version 1, February 1989
 
  Copyright (C) 1989 Free Software Foundation, Inc.
- 51 Franklin St, Suite 500, Boston, MA  02110-1335  USA
+ 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
@@ -1,3 +1,4 @@
+# This file was automatically generated by Dist::Zilla::Plugin::Manifest v5.020.
 Build.PL
 Changes
 LICENSE
@@ -4,7 +4,7 @@
       "Tatsuhiko Miyagawa"
    ],
    "dynamic_config" : 0,
-   "generated_by" : "Dist::Milla version v1.0.4, Dist::Zilla version 4.300039, CPAN::Meta::Converter version 2.132830",
+   "generated_by" : "Dist::Milla version v1.0.5, Dist::Zilla version 5.020, CPAN::Meta::Converter version 2.142060",
    "license" : [
       "perl_5"
    ],
@@ -26,7 +26,7 @@
    "prereqs" : {
       "configure" : {
          "requires" : {
-            "Module::Build::Tiny" : "0.030"
+            "Module::Build::Tiny" : "0.037"
          }
       },
       "develop" : {
@@ -64,7 +64,7 @@
          "web" : "https://github.com/stevan/plack-middleware-session"
       }
    },
-   "version" : "0.21",
+   "version" : "0.24",
    "x_contributors" : [
       "Graham Knop <haarg@haarg.org>",
       "Lee Aylward <lee@laylward.com>",
@@ -3,19 +3,19 @@ abstract: 'Middleware for session management'
 author:
   - 'Tatsuhiko Miyagawa'
 build_requires:
-  HTTP::Cookies: 0
-  LWP::UserAgent: 0
-  Test::Fatal: 0.006
-  Test::More: 0.88
-  Test::Requires: 0
+  HTTP::Cookies: '0'
+  LWP::UserAgent: '0'
+  Test::Fatal: '0.006'
+  Test::More: '0.88'
+  Test::Requires: '0'
 configure_requires:
-  Module::Build::Tiny: 0.030
+  Module::Build::Tiny: '0.037'
 dynamic_config: 0
-generated_by: 'Dist::Milla version v1.0.4, Dist::Zilla version 4.300039, CPAN::Meta::Converter version 2.132830'
+generated_by: 'Dist::Milla version v1.0.5, Dist::Zilla version 5.020, CPAN::Meta::Converter version 2.142060'
 license: perl
 meta-spec:
   url: http://module-build.sourceforge.net/META-spec-v1.4.html
-  version: 1.4
+  version: '1.4'
 name: Plack-Middleware-Session
 no_index:
   directory:
@@ -26,15 +26,15 @@ no_index:
     - eg
     - examples
 requires:
-  Cookie::Baker: 0
-  Digest::HMAC_SHA1: 1.03
-  Digest::SHA1: 0
-  Plack: 0.9910
+  Cookie::Baker: '0'
+  Digest::HMAC_SHA1: '1.03'
+  Digest::SHA1: '0'
+  Plack: '0.9910'
 resources:
   bugtracker: https://github.com/stevan/plack-middleware-session/issues
   homepage: https://github.com/stevan/plack-middleware-session
   repository: https://github.com/stevan/plack-middleware-session.git
-version: 0.21
+version: '0.24'
 x_contributors:
   - 'Graham Knop <haarg@haarg.org>'
   - 'Lee Aylward <lee@laylward.com>'
@@ -16,6 +16,9 @@ use Plack::Session::State::Cookie;
 sub prepare_app {
     my $self = shift;
 
+    die "Plack::Session::Middleware::Cookie requires setting 'secret' option."
+      unless $self->secret;
+
     $self->session_key("plack_session") unless $self->session_key;
 
     $self->serializer(sub {MIME::Base64::encode(Storable::nfreeze($_[0]), '' )})
@@ -116,6 +119,11 @@ Server side secret to sign the session data using HMAC SHA1. Defaults
 to nothing (i.e. do not sign) but B<strongly recommended> to set your
 own secret string.
 
+Unless you use your own serializer/deserializer, running this
+middleware without setting a secret is vulnerable to arbitrary code
+execution. B<In the future release it will be required to set the
+secret>.
+
 =item session_key, domain, expires, path, secure, httponly
 
 Accessors for the cookie attributes. See
@@ -2,7 +2,7 @@ package Plack::Middleware::Session;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Plack::Util;
@@ -2,7 +2,7 @@ package Plack::Session::State::Cookie;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use parent 'Plack::Session::State';
@@ -2,7 +2,7 @@ package Plack::Session::State;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Digest::SHA1 ();
@@ -2,7 +2,7 @@ package Plack::Session::Store::Cache;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Scalar::Util qw[ blessed ];
@@ -2,7 +2,7 @@ package Plack::Session::Store::File;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Storable ();
@@ -2,7 +2,7 @@ package Plack::Session::Store::Null;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 sub new     { bless {} => shift }
@@ -2,7 +2,7 @@ package Plack::Session::Store;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Plack::Util::Accessor qw[ _stash ];
@@ -2,7 +2,7 @@ package Plack::Session;
 use strict;
 use warnings;
 
-our $VERSION   = '0.21';
+our $VERSION   = '0.24';
 our $AUTHORITY = 'cpan:STEVAN';
 
 use Plack::Util::Accessor qw( session options );
@@ -7,9 +7,8 @@ BEGIN {
   }
 }
 
+# This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests.
 use Test::More;
-
-eval "use Test::Pod 1.41";
-plan skip_all => "Test::Pod 1.41 required for testing POD" if $@;
+use Test::Pod 1.41;
 
 all_pod_files_ok();