-rw-r--r-- | Bugzilla/Auth/Persist/Cookie.pm | 1 | ||||
-rwxr-xr-x | index.cgi | 17 | ||||
-rwxr-xr-x | relogin.cgi | 16 | ||||
-rw-r--r-- | template/en/default/global/common-links.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/sidebar.xul.tmpl | 3 |
5 files changed, 18 insertions, 21 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm index 420bad16b..c533252d3 100644 --- a/Bugzilla/Auth/Persist/Cookie.pm +++ b/Bugzilla/Auth/Persist/Cookie.pm @@ -161,6 +161,7 @@ sub clear_browser_cookies { my $cgi = Bugzilla->cgi; $cgi->remove_cookie('Bugzilla_login'); $cgi->remove_cookie('Bugzilla_logincookie'); + $cgi->remove_cookie('sudo'); } 1; @@ -38,12 +38,24 @@ use Bugzilla::Update; # Check whether or not the user is logged in my $user = Bugzilla->login(LOGIN_OPTIONAL); +my $cgi = Bugzilla->cgi; +my $template = Bugzilla->template; +my $vars = {}; + +# And log out the user if requested. We do this first so that nothing +# else accidentally relies on the current login. +if ($cgi->param('logout')) { + Bugzilla->logout(); + $user = Bugzilla->user; + $vars->{'message'} = "logged_out"; + # Make sure that templates or other code doesn't get confused about this. + $cgi->delete('logout'); +} ############################################################################### # Main Body Execution ############################################################################### -my $cgi = Bugzilla->cgi; # Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'. # This is required because the user may want to log in from here. if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne '' @@ -52,9 +64,6 @@ if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne '' $cgi->require_https(Bugzilla->params->{'sslbase'}); } -my $template = Bugzilla->template; -my $vars = {}; - # Return the appropriate HTTP response headers. print $cgi->header(); diff --git a/relogin.cgi b/relogin.cgi index 9d30d7c11..a5cea5f91 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -37,7 +37,7 @@ use Date::Format; my $template = Bugzilla->template; my $cgi = Bugzilla->cgi; -my $action = $cgi->param('action') || 'logout'; +my $action = $cgi->param('action'); my $vars = {}; my $target; 
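Review bot: The added `$cgi->remove_cookie('sudo');` in clear_browser_cookies has no comment saying why an impersonation cookie is cleared together with the login cookies, and it only expires the cookie in the browser. I would put `# Drop the sudo cookie too, so an impersonation session cannot outlive the login that started it.` above the new line. Whether any server-side state is tied to the sudo cookie is not visible in this hunk; if there is, the logout path should invalidate it as well rather than rely on the browser honouring the expiry.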
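Review bot: The new `if ($cgi->param('logout'))` block in index.cgi ends the session on any request that carries the parameter, with no check that the request originated from the user's own Bugzilla page, so a page on another site that makes the browser fetch `index.cgi?logout=1` logs the user out. The relogin.cgi branch removed by this commit behaved the same way, so this is inherited rather than introduced. Moving the action is still a good moment to require a per-session token in the link and verify it before `Bugzilla->logout()`; the two template hunks that now link to `index.cgi?logout=1` would then carry that token. Separately, the block now runs before the `require_https` check further down; if that call redirects, the `logged_out` message set here is presumably never rendered, which is worth confirming.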
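Review bot: With the `|| 'logout'` default dropped in relogin.cgi, `$action` is undef when the script is requested without an `action` parameter, and the `eq` tests in the if/elsif chain (for example `$action eq 'end-sudo'`, visible in the next hunk) then compare against undef. If warnings are enabled for this script, which the hunk does not show, every such request logs an uninitialized-value warning. `my $action = $cgi->param('action') || '';` keeps the fall-through to the "No valid action found" branch without that noise. The chain itself starts outside this hunk.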
@@ -184,20 +184,6 @@ elsif ($action eq 'end-sudo') { $vars->{'message'} = 'sudo_ended'; $target = 'global/message.html.tmpl'; } -# Log out the currently logged-in user (this used to be the only thing this did) -elsif ($action eq 'logout') { - # We don't want to remove a random logincookie from the db, so - # call Bugzilla->login(). If we're logged in after this, then - # the logincookie must be correct - Bugzilla->login(LOGIN_OPTIONAL); - - $cgi->remove_cookie('sudo'); - - Bugzilla->logout(); - - $vars->{'message'} = "logged_out"; - $target = 'global/message.html.tmpl'; -} # No valid action found else { Bugzilla->login(LOGIN_OPTIONAL); diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl index 6f2c46f46..5c4e9d9a5 100644 --- a/template/en/default/global/common-links.html.tmpl +++ b/template/en/default/global/common-links.html.tmpl @@ -68,7 +68,7 @@ <li> <span class="separator">| </span> [% IF user.authorizer.can_logout %] - <a href="relogin.cgi">Log out</a> + <a href="index.cgi?logout=1">Log out</a> [% ELSE %] Logged in as [% END %] diff --git a/template/en/default/sidebar.xul.tmpl b/template/en/default/sidebar.xul.tmpl index 8035c8298..3df943e5c 100644 --- a/template/en/default/sidebar.xul.tmpl +++ b/template/en/default/sidebar.xul.tmpl @@ -97,7 +97,8 @@ function normal_keypress_handler( aEvent ) { <text class="text-link" onclick="load_relative_url('sanitycheck.cgi')" value="sanity check"/> [%- END %] [%- IF user.authorizer.can_logout %] - <text class="text-link" onclick="load_relative_url('relogin.cgi')" value="log out [% user.login FILTER html %]"/> + <text class="text-link" onclick="load_relative_url('index.cgi?logout=1')" + value="log out [% user.login FILTER html %]"/> [%- END %] <separator class="thin"/> [%- IF user.showmybugslink %] |