Kay Sindre Bærulfsen wrote:
> Hi people,
>
> http://search.cpan.org/~mramberg/Catalyst-Runtime-5.7001/lib/Catalyst/Manual/Tutorial/Authentication.pod
>
> I was reading through the Authentication Tutorial in the Catalyst
> documentation, and found something I believe could be a
> security-problem in applications using this approach. I guess you can
> look at it as a typo too. :P

http://dev.catalyst.perl.org/docs/Catalyst/Manual/Tutorial/Authentication.html#add_valid_user_check

Notice it says

    if ($c->controller eq $c->controller('Login')) {

instead, which is a rather better fix than the one you propose.

This will be shipped as part of 5.7002

--
Matt S Trout            Offering custom development, consultancy and support
Technical Director      contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd.  mst (at) shadowcatsystems.co.uk for more information

+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
