Bug 748095: Bugzilla crashes when the shutdownhtml parameter is set and using a non-cookie based authentication method

r=dkl a=justdave
author: Frédéric Buclin <LpSolit@gmail.com> 2013-12-21 17:42:14 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2013-12-21 17:42:14 +0100
commit: 61858962b06866a330960bd161591b000e26ae63 (patch)
tree: 52e8225f3477795496db0e70baeb9183a2a054d3 /Bugzilla
parent: 9e4f74655ed3ddad46019932d4b0c036af8367da (diff)
download: bugzilla-61858962b06866a330960bd161591b000e26ae63.tar.gz
bugzilla-61858962b06866a330960bd161591b000e26ae63.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 9681bcea2..939a1ac9c 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -108,8 +108,8 @@ sub logout {
     if ($cookie) {
         push(@login_cookies, $cookie->value);
     }
-    else {
-        push(@login_cookies, $cgi->cookie("Bugzilla_logincookie"));
+    elsif ($cookie = $cgi->cookie('Bugzilla_logincookie')) {
+        push(@login_cookies, $cookie);
     }
 
     # If we are a webservice using a token instead of cookie
@@ -118,7 +118,8 @@ sub logout {
         push(@login_cookies, $login_token->{'login_token'});
     }
 
-    return if !@login_cookies;
+    # Make sure that @login_cookies is not empty to not break SQL statements.
+    push(@login_cookies, '') unless @login_cookies;
 
     # These queries use both the cookie ID and the user ID as keys. Even
     # though we know the userid must match, we still check it in the SQL
author	Frédéric Buclin <LpSolit@gmail.com>	2013-12-21 17:42:14 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2013-12-21 17:42:14 +0100
commit	61858962b06866a330960bd161591b000e26ae63 (patch)
tree	52e8225f3477795496db0e70baeb9183a2a054d3 /Bugzilla
parent	9e4f74655ed3ddad46019932d4b0c036af8367da (diff)
download	bugzilla-61858962b06866a330960bd161591b000e26ae63.tar.gz bugzilla-61858962b06866a330960bd161591b000e26ae63.tar.xz