It is possible that an XSRF could also forge a cookie with the correct information if the nonce is transmitted in plaintext.
Added passphrases for encrypting the nonce and cookie used for xsrf protection. The passphrases may be 32 or 16 bytes in length. There are 16-byte default passphrases to ensure simple transition. Modified the WikiEdit and MessagePost xsrf routines to use encryption and decryption.
Added a unit test for encryption and decryption with longer passphrases.
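
A sketch of the scheme described above, as an added example that is not the project's own code: one random nonce is encrypted once for the form field and once for the cookie, and a request is accepted only if both decrypt to the same value. The function names, the use of AES-GCM, two separate passphrases, and using the passphrase bytes directly as the key (16 bytes for AES-128, 32 for AES-256) are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: the passphrase bytes are the AES key, so its length picks the cipher.
function cipherFor(passphrase) {
  const key = Buffer.from(passphrase, 'utf8');
  if (key.length !== 16 && key.length !== 32) {
    throw new Error('passphrase must be 16 or 32 bytes');
  }
  return { key, name: key.length === 16 ? 'aes-128-gcm' : 'aes-256-gcm' };
}

// Encrypt a value; the token is hex(iv || auth tag || ciphertext).
function seal(passphrase, plaintext) {
  const { key, name } = cipherFor(passphrase);
  const iv = crypto.randomBytes(12); // fresh IV for every token
  const c = crypto.createCipheriv(name, key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('hex');
}

// Decrypt a token; returns null if it was altered or sealed under another key.
function unseal(passphrase, token) {
  const { key, name } = cipherFor(passphrase);
  const raw = Buffer.from(String(token), 'hex');
  if (raw.length < 28) return null; // too short to hold iv (12) + tag (16)
  try {
    const d = crypto.createDecipheriv(name, key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null; // authentication failed
  }
}

// Issue the form field and cookie for one page render.
function issue(noncePass, cookiePass) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return { field: seal(noncePass, nonce), cookie: seal(cookiePass, nonce) };
}

// Accept a submission only if both tokens decrypt and carry the same nonce.
function verify(noncePass, cookiePass, field, cookie) {
  const a = unseal(noncePass, field);
  const b = unseal(cookiePass, cookie);
  if (a === null || b === null) return false;
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}
```

A matching pair of plaintext values supplied by a third party fails `verify`, because neither value authenticates under the server-side passphrases.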