From 09e1bbfee2f997261d24acb37d95bdb638467c02 Mon Sep 17 00:00:00 2001
From: Dylan William Hardison <dylan@hardison.net>
Date: Wed, 3 Jan 2018 14:22:04 -0500
Subject: Bug 1426409 - github_secret key has no rate limiting

---
 Bugzilla.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Bugzilla.pm')

diff --git a/Bugzilla.pm b/Bugzilla.pm
index 9e5177839..b7aaadf3f 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -317,7 +317,7 @@ sub github_secret {
     my $cache = $class->request_cache;
     my $cgi   = $class->cgi;
 
-    $cache->{github_secret} //= $cgi->cookie('github_secret') // generate_random_password(16);
+    $cache->{github_secret} //= $cgi->cookie('github_secret') // generate_random_password(256);
 
     return $cache->{github_secret};
 }
@@ -853,7 +853,7 @@ sub check_rate_limit {
                 $action = 'ignore';
             }
             my $limit = join("/", @$limit);
-            Bugzilla->audit("[rate_limit] action=$action, ip=$ip, limit=$limit");
+            Bugzilla->audit("[rate_limit] action=$action, ip=$ip, limit=$limit, name=$name");
             ThrowUserError("rate_limit") if $action eq 'block';
         }
     }
-- 
cgit v1.2.3-24-g4f1b