authorlpsolit%gmail.com <>2006-01-03 23:44:53 +0100
committerlpsolit%gmail.com <>2006-01-03 23:44:53 +0100
commite16ca48833e9dd774a61eaab7ca32c44ce6a4276 (patch)
treefc19ca29fde4d73f039a38fd9c5f69373e5a5d63 /Bugzilla/Token.pm
parent093f6970ea0e8356b5f8a51ec916926fcb68b41f (diff)
Bug 119524: SECURITY: predictable sessionid (Use a token instead of logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r--Bugzilla/Token.pm6
1 files changed, 5 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 42dca47d6..dfc7be418 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -155,12 +155,16 @@ sub GenerateUniqueToken {
# the token in the "tokens" table. Gives up if it can't come up
# with a token after about one hundred tries.
+ my ($table, $column) = @_;
+
my $token;
my $duplicate = 1;
my $tries = 0;
+ $table ||= "tokens";
+ $column ||= "token";
my $dbh = Bugzilla->dbh;
- my $sth = $dbh->prepare("SELECT userid FROM tokens WHERE token = ?");
+ my $sth = $dbh->prepare("SELECT userid FROM $table WHERE $column = ?");
while ($duplicate) {
++$tries;
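Review bot: The new `$table` and `$column` arguments are interpolated straight into the SQL text of the `prepare` call, and placeholders cannot bind identifiers, so nothing in this function keeps a caller-supplied name from changing the statement. If every caller passes hard-coded literals this is safe today, but the function should enforce that itself, for example `die "bad identifier" unless $table =~ /\A\w+\z/ && $column =~ /\A\w+\z/;` right after the defaults are applied, or by passing both names through `$dbh->quote_identifier(...)`. The query also still selects `userid`, so any table passed in must have that column; that requirement and the two optional arguments belong in the header comment, which still names only the "tokens" table. The body of GenerateUniqueToken starts and ends outside this hunk, so how the loop uses the result is not visible here.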