diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2015-08-13 23:52:37 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-08-13 23:52:37 +0200 |
| commit | 4d8d27d21883d96bb66780f6418bbfd332dba9e7 (patch) | |
| tree | 1b0cc34c3114687271df5c00c640ee11f6cd9281 /Bugzilla/Auth | |
| parent | 40dbd9de66f927d1f443ab0d43badf7e90082199 (diff) | |
| download | bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.gz bugzilla-4d8d27d21883d96bb66780f6418bbfd332dba9e7.tar.xz | |
Bug 1185240: Logging out while impersonating a user should also delete the sudo token
r=dkl a=sgreen
Diffstat (limited to 'Bugzilla/Auth')
| -rw-r--r-- | Bugzilla/Auth/Persist/Cookie.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 2d1291f3b..877d1907e 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -100,6 +100,8 @@ sub logout { if ($type == LOGOUT_ALL) { $dbh->do("DELETE FROM logincookies WHERE userid = ?", undef, $user->id); + $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'sudo'", + undef, $user->id); return; } @@ -144,6 +146,8 @@ sub logout { $dbh->sql_in('cookie', \@login_cookies) . " AND userid = ?", undef, $user->id); + my $token = $cgi->cookie('sudo'); + delete_token($token); } else { die("Invalid type $type supplied to logout()"); } |