authorByron Jones <glob@mozilla.com>2015-08-25 07:37:20 +0200
committerByron Jones <glob@mozilla.com>2015-08-25 07:37:20 +0200
commit90a618266ecb83f138cd5d0a3ff5bf26012625e9 (patch)
tree7c2b7ffae52189af5aaae52c84f38ab9978de27d
parent85adb94a090b4bc87eab72193e7066e476da253e (diff)
Bug 1197699 - always store the ip address in the logincookies table
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm2
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm18
2 files changed, 8 insertions, 12 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index 46024bca4..738d26b21 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -107,7 +107,7 @@ sub get_login_info {
FROM logincookies
WHERE cookie = ?
AND userid = ?
- AND (ipaddr = ? OR ipaddr IS NULL)',
+ AND (restrict_ipaddr = 0 OR ipaddr = ?)',
undef, ($login_cookie, $user_id, $ip_addr));
# If the cookie is valid, return a valid username.
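Review bot: The new predicate `restrict_ipaddr = 0 OR ipaddr = ?` depends on a `restrict_ipaddr` column that neither file in this commit creates or backfills, so the treatment of existing rows rests on a migration that is not visible here. If that column defaults to 0 without a backfill, cookies that were previously pinned to an address (non-NULL `ipaddr`) would become valid from any address; the migration should set `restrict_ipaddr = 1` wherever `ipaddr IS NOT NULL`. A comment above the statement such as `# restrict_ipaddr = 1 pins the cookie to ipaddr; 0 accepts it from any address` would record the new meaning of the two columns. get_login_info starts and ends outside the hunk.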
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index a064a231a..4adb00f96 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -50,22 +50,18 @@ sub persist_login {
my $cgi = Bugzilla->cgi;
my $input_params = Bugzilla->input_params;
- my $ip_addr;
- if ($input_params->{'Bugzilla_restrictlogin'}) {
- $ip_addr = remote_ip();
- # The IP address is valid, at least for comparing with itself in a
- # subsequent login
- trick_taint($ip_addr);
- }
-
$dbh->bz_start_transaction();
my $login_cookie =
Bugzilla::Token::GenerateUniqueToken('logincookies', 'cookie');
- $dbh->do("INSERT INTO logincookies (cookie, userid, ipaddr, lastused)
- VALUES (?, ?, ?, NOW())",
- undef, $login_cookie, $user->id, $ip_addr);
+ my $ip_addr = remote_ip();
+ trick_taint($ip_addr);
+ my $restrict = $input_params->{Bugzilla_restrictlogin} ? 1 : 0;
+
+ $dbh->do("INSERT INTO logincookies (cookie, userid, ipaddr, lastused, restrict_ipaddr)
+ VALUES (?, ?, ?, NOW(), ?)",
+ undef, $login_cookie, $user->id, $ip_addr, $restrict);
# Issuing a new cookie is a good time to clean up the old
# cookies.
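Review bot: The `trick_taint($ip_addr)` on the new side lost the comment that justified it, and that justification no longer covers the new use. The address used to be stored only so it could be compared with itself on a later login, whereas it is now written for every persisted login whether or not the restriction was requested. Because the value is untainted here without any visible validation, add a comment such as `# Untainted unchecked: fine as a bind value, but validate or escape it wherever it is displayed`, or validate it before the INSERT if remote_ip() does not already do so. Keeping an address for every session is also a data-retention change that the description does not mention. persist_login continues outside the hunk.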