merged with bugzilla/4.2

author: Dave Lawrence <dlawrence@mozilla.com> 2011-12-15 00:18:12 +0100
committer: Dave Lawrence <dlawrence@mozilla.com> 2011-12-15 00:18:12 +0100
commit: 15e4810e7986b3b631320da6f20925888b7c923c (patch)
tree: ab65c7e9dfdc09fe53a727b75bf1b74ffd975212 /Bugzilla/Token.pm
parent: 6b9320eab2e848a2b2ac2f454af939f467f3d738 (diff)
parent: a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1 (diff)
download: bugzilla-15e4810e7986b3b631320da6f20925888b7c923c.tar.gz
bugzilla-15e4810e7986b3b631320da6f20925888b7c923c.tar.xz
1 files changed, 7 insertions, 2 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 4e32436c0..4804851bb 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -178,9 +178,14 @@ sub issue_hash_token {
     $data ||= [];
     $time ||= time();
 
+    # For the user ID, use the actual ID if the user is logged in.
+    # Otherwise, use the remote IP, in case this is for something
+    # such as creating an account or logging in.
+    my $user_id = Bugzilla->user->id || remote_ip();
+
     # The concatenated string is of the form
-    # token creation time + site-wide secret + user ID + data
-    my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data);
+    # token creation time + site-wide secret + user ID (either ID or remote IP) + data
+    my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data);
 
     my $token = join('*', @args);
     # Wide characters cause md5_hex() to die.
author	Dave Lawrence <dlawrence@mozilla.com>	2011-12-15 00:18:12 +0100
committer	Dave Lawrence <dlawrence@mozilla.com>	2011-12-15 00:18:12 +0100
commit	15e4810e7986b3b631320da6f20925888b7c923c (patch)
tree	ab65c7e9dfdc09fe53a727b75bf1b74ffd975212 /Bugzilla/Token.pm
parent	6b9320eab2e848a2b2ac2f454af939f467f3d738 (diff)
parent	a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1 (diff)
download	bugzilla-15e4810e7986b3b631320da6f20925888b7c923c.tar.gz bugzilla-15e4810e7986b3b631320da6f20925888b7c923c.tar.xz