From c4d433f564708cf74256a38c0723143723ee100b Mon Sep 17 00:00:00 2001
From: morimoto
Date: Tue, 15 Jan 2008 12:21:00 +0000
Subject: [PATCH] Prevented referrer leak. Renew session ID in action_url. Closes #11663
---
 lib/Keitairc/SessionManager.pm | 9 ++++++++-
 lib/plugins/10url | 10 ++++++----
 lib/templates/url.html | 4 ++--
 3 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/lib/Keitairc/SessionManager.pm b/lib/Keitairc/SessionManager.pm
index 1386553..9cd64dd 100644
--- a/lib/Keitairc/SessionManager.pm
+++ b/lib/Keitairc/SessionManager.pm
@@ -1,6 +1,6 @@
 # -*-perl-*-
 # Keitairc::SessionManager
-# $Id: SessionManager.pm,v 1.2 2008-01-13 14:00:14 morimoto Exp $
+# $Id: SessionManager.pm,v 1.3 2008-01-15 12:21:00 morimoto Exp $
 # $Source: /home/ishikawa/work/keitairc/tmp/keitairc/lib/Keitairc/SessionManager.pm,v $
 #
 # Copyright (c) 2008 Jun Morimoto
@@ -166,6 +166,13 @@ sub garbage_collect{
 }
 
 ################################################################
+sub delete{
+ my $me = shift;
+ my $session_id = shift;
+ delete $me->{sessions}->{$session_id};
+}
+
+################################################################
 # USER_AGENTʸ»úÎ󤫤顢¥»¥Ã¥·¥ç¥óȽÄê¤Î˸¤²¤È¤Ê¤ëÍ×ÁǤò¼è¤ë
 sub normalize_user_agent{
 my $me = shift;
diff --git a/lib/plugins/10url b/lib/plugins/10url
index b836ba4..7c0e34a 100644
--- a/lib/plugins/10url
+++ b/lib/plugins/10url
@@ -1,7 +1,7 @@
 # -*-perl-*-
 # keitairc/lib/plugins/10url
 # URLˆ—
-# $Id: 10url,v 1.2 2008-01-13 12:12:55 morimoto Exp $
+# $Id: 10url,v 1.3 2008-01-15 12:21:00 morimoto Exp $
 # $Source: /home/ishikawa/work/keitairc/tmp/keitairc/lib/plugins/10url,v $
 
 $plugin = {
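Review bot: `sub delete` in lib/Keitairc/SessionManager.pm is the call that invalidates a session, yet it has no comment and returns the removed entry only implicitly, as the value of its last statement, so callers cannot tell whether a miss is reported. State the contract above the sub, e.g. `# Remove the session with this id; returns the removed entry, or undef if none existed.`, and make it explicit with `return delete $me->{sessions}->{$session_id};`. An undefined `$session_id` is used as a hash key as-is, so a `return unless defined $session_id;` guard would make that case an explicit early return.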
@@ -20,12 +20,14 @@ $plugin = {
 my ($request, $name, $session_id, $param_string) = @_;
 my $ci = new Keitairc::ClientInfo($request);
 my $view = new Keitairc::View($::cf, $ci);
+
+ # V‚µ‚¢ session_id ‚ðì‚Á‚Č¢‚̂͏Á‚·
+ $::sm->delete($session_id);
+ my $new_session = $::sm->add($ci->{header}->{user_agent}, $ci->serial_key());
 return $view->render('url.html', {
- session_id => $session_id,
 url => $param_string,
+ session_id => $new_session->{id},
 escaped_url => ::uri_escape($param_string),
- ezweb => $ci->is_ezweb(),
- sid => $session_id,
 });
 }
 };
diff --git a/lib/templates/url.html b/lib/templates/url.html
index 0c73757..7b423ef 100644
--- a/lib/templates/url.html
+++ b/lib/templates/url.html
@@ -11,7 +11,7 @@
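Review bot: In lib/plugins/10url the new `$::sm->add(...)` call issues a fresh session to whoever requested this URL, and nothing in the hunk checks that `$session_id` named a live session or that `add` returned one. If the dispatcher outside this hunk does not already validate the session, a request carrying an expired or unknown id would still receive a working one, which defeats the point of discarding the leaked id. The `delete` method added in this commit returns the removed entry, so the handler can gate on it: `my $old = $::sm->delete($session_id);` and return early when `$old` is undefined, then check `$new_session` before reading `->{id}`. The enclosing sub begins above the hunk, so what it should return on that path is not visible here.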
- + ‚±‚ÌÍß-¼Þ‚Å‚Í[–ß‚é]ÎÞÀ݂͎g‚¦‚Ü‚¹‚ñ
[1] ’¼Ú±¸¾½
@@ -19,7 +19,7 @@ [2] Îß¹¯Ä‚͂ĂȂű¸¾½
[3] ÓÊÞ³»Þ-ƒÀ‚ű¸¾½
- + [4] PC»²ÄËÞ­-±‚ű¸¾½
-- 2.11.0