-rw-r--r--Bugzilla.pm9
-rw-r--r--template/en/default/global/messages.html.tmpl4
2 files changed, 12 insertions, 1 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index d3b1a5970..99e5c3add 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -54,7 +54,7 @@ use constant SHUTDOWNHTML_EXEMPT => [
#####################################################################
# If Bugzilla is shut down, do not allow anything to run, just display a
-# message to the user about the downtime. Scripts listed in
+# message to the user about the downtime and log out. Scripts listed in
# SHUTDOWNHTML_EXEMPT are exempt from this message.
#
# This code must go here. It cannot go anywhere in Bugzilla::CGI, because
@@ -62,9 +62,16 @@ use constant SHUTDOWNHTML_EXEMPT => [
if (Param("shutdownhtml")
&& lsearch(SHUTDOWNHTML_EXEMPT, basename($0)) == -1)
{
+ # For security reasons, log out users when Bugzilla is down.
+ # Bugzilla->login() is required to catch the logincookie, if any.
+ my $user = Bugzilla->login(LOGIN_OPTIONAL);
+ my $userid = $user->id;
+ Bugzilla->logout();
+
my $template = Bugzilla->template;
my $vars = {};
$vars->{'message'} = 'shutdown';
+ $vars->{'userid'} = $userid;
# Generate and return a message about the downtime, appropriately
# for if we're a command-line script or a CGI sript.
my $extension;
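Review bot: The added `Bugzilla->login(LOGIN_OPTIONAL)` call runs before the shutdown message is built, so a failure inside login (for example an unreachable database during maintenance, or an error page raised for the account) would presumably pre-empt the downtime notice; login's body is not visible here, so this is inferred. The existing comment further down says this path also serves command-line scripts, where there is no logincookie to catch, so the login/logout pair could be limited to the CGI case. It is also worth confirming that a request carrying form credentials is not authenticated here, creating a fresh session while the site is down. The new comment should state the actual reason and scope, e.g. `# Invalidate the session presented with this request so the cookie cannot be reused after the downtime.`, if that is the intent. The enclosing `if` block continues past the end of the hunk.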
diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl
index 156bab3d8..d0435597d 100644
--- a/template/en/default/global/messages.html.tmpl
+++ b/template/en/default/global/messages.html.tmpl
@@ -236,6 +236,10 @@
[% ELSIF message_tag == "shutdown" %]
[% title = "$terms.Bugzilla is Down" %]
[% Param("shutdownhtml") %]
+ [% IF userid %]
+ <p>For security reasons, you have been logged out automatically.
+ The cookie that was remembering your login is now gone.
+ [% END %]
[% ELSIF message_tag == "user_match_failed" %]
You entered a username that did not match any known