author | lpsolit%gmail.com <> | 2006-01-03 23:44:53 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-01-03 23:44:53 +0100 |
commit | e16ca48833e9dd774a61eaab7ca32c44ce6a4276 (patch) | |
tree | fc19ca29fde4d73f039a38fd9c5f69373e5a5d63 /Bugzilla/Token.pm | |
parent | 093f6970ea0e8356b5f8a51ec916926fcb68b41f (diff) | |
Bug 119524: SECURITY: predictable sessionid (Use a token instead of logincookie) - Patch by Olav Vitters <bugzilla-mozilla@bkor.dhs.org> r=mkanat a=justdave
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r-- | Bugzilla/Token.pm | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 42dca47d6..dfc7be418 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -155,12 +155,16 @@ sub GenerateUniqueToken { # the token in the "tokens" table. Gives up if it can't come up # with a token after about one hundred tries. + my ($table, $column) = @_; + my $token; my $duplicate = 1; my $tries = 0; + $table ||= "tokens"; + $column ||= "token"; my $dbh = Bugzilla->dbh; - my $sth = $dbh->prepare("SELECT userid FROM tokens WHERE token = ?"); + my $sth = $dbh->prepare("SELECT userid FROM $table WHERE $column = ?"); while ($duplicate) { ++$tries; |
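Review bot: `$table` and `$column` are interpolated directly into the SQL string passed to `$dbh->prepare`, and nothing in the hunk restricts what they may contain; identifiers cannot be bound with `?`, so the query is only safe while every caller passes hard-coded names. Making that contract explicit right after the `||=` defaults would be cheap, e.g. `die "GenerateUniqueToken: bad table/column name" unless $table =~ /\A\w+\z/ && $column =~ /\A\w+\z/;`. The query still selects `userid`, so any table passed in presumably needs that column as well, and the comment above the new `my ($table, $column) = @_;` still says the token is checked against the "tokens" table; something like `# Optional args: table and column to check for uniqueness (default tokens.token).` would keep it accurate. The body of GenerateUniqueToken starts and ends outside the hunk, so the token generation itself is not visible here.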