Mirrors/travelynx
2
0
Fork 0
mirror of https://github.com/derf/travelynx synced 2024-12-02 09:19:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

token: do not expose full checkin timestamp

Browse source
This commit is contained in:
Daniel Friesel 2023-03-03 15:05:43 +01:00
parent b725d7d52c
commit 2406fc4efe
3 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/Travelynx/Controller/Traveling.pm
View file

@ -471,7 +471,7 @@ sub status_token_ok {
$ts2 //= $ts2_ext;
if ( $eva == $status->{dep_eva}
and $ts == $status->{timestamp}->epoch
and $ts == $status->{timestamp}->epoch % 337
and $ts2 == $status->{sched_departure}->epoch )
{
return 1;
@ -491,7 +491,7 @@ sub journey_token_ok {
$ts2 //= $ts2_ext;
if ( $eva == $journey->{from_eva}
and $ts == $journey->{checkin_ts}
and $ts == $journey->{checkin_ts} % 337
and $ts2 == $journey->{sched_dep_ts} )
{
return 1;

2
templates/_checked_in.html.ep
View file

@ -286,7 +286,7 @@
data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>"
% }
% elsif ($journey_visibility eq 'travelynx' or $journey_visibility eq 'unlisted') {
data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch %>"
data-url="<%= url_for('/status')->to_abs->scheme('https') %>/<%= $user->{name} %>/<%= $journey->{sched_departure}->epoch %>?token=<%= $journey->{dep_eva} %>-<%= $journey->{timestamp}->epoch % 337 %>"
% }
>
<i class="material-icons left" aria-hidden="true">share</i> Teilen

2
templates/journey.html.ep
View file

@ -250,7 +250,7 @@
data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>"
% }
% else {
data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} %>-<%= $journey->{sched_dep_ts} %>"
data-url="<%= url_for('public_journey', name => current_user()->{name}, id => $journey->{id} )->to_abs->scheme('https'); %>?token=<%= $journey->{from_eva} %>-<%= $journey->{checkin_ts} % 337 %>-<%= $journey->{sched_dep_ts} %>"
% }
data-text="<%= stash('share_text') %>"
>