git.koha-community.org Git - koha.git/commit

author	Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
	Fri, 15 Jul 2016 12:16:07 +0000 (14:16 +0200)
committer	Kyle M Hall <kyle@bywatersolutions.com>
	Wed, 10 Aug 2016 13:25:59 +0000 (13:25 +0000)
commit	523d0be9dc795a676aae907736394e64e33350a3
tree	434786dda4199d5724eb61af26e843841290edbf	tree \| snapshot
parent	09d0b1310bda677b6939b59ea8a68f84e2ec93f6	commit \| diff

Bug 16929: Prevent opac-memberentry waiting for random chars

Move calls to WWW::CSRF to Koha::Token.
Send a safe random string to WWW::CSRF instead of letting CSRF make a
blocking call to Bytes::Random::Secure. If your server has not enough
entropy, opac-memberentry will hang waiting for more characters in
dev/random. Koha::Token uses Bytes::Random::Secure with the NonBlocking
flag.

Test plan:
[1] Do not yet apply this patch.
[2] If your server has not enough entropy, calling opac-memberentry may
take a while. But this not may be the case for you (no worries).
[3] Apply this patch.
[4] Verify that opac-memberentry still works as expected.
[5] Run t/Token.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Yes, my server had entropy trouble (reason for finding the problem).
This patch resolves the delay.

Tested all 3 patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Koha/Token.pm	[new file with mode: 0644]	blob
opac/opac-memberentry.pl		diff \| blob \| history
t/Token.t	[new file with mode: 0644]	blob