8 files changed, 26 insertions, 24 deletions

diff --git a/CGI.pl b/CGI.pl
index f93c0601b..6f9461b8f 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -985,23 +985,18 @@ sub confirm_login {
        my $logincookie = FetchOneColumn();
 
        $::COOKIE{"Bugzilla_logincookie"} = $logincookie;
-       print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-       print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-
-       # This next one just cleans out any old bugzilla passwords that may
-       # be sitting around in the cookie files, from the bad old days when
-       # we actually stored the password there.
-       print "Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+       my $cookiepath = Param("cookiepath");
+       print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+       print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
     }
 
-
     my $loginok = quietly_check_login();
 
     if ($loginok != 1) {
         if ($::disabledreason) {
-            print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+            my $cookiepath = Param("cookiepath");
+            print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html
 
 ";
diff --git a/buglist.cgi b/buglist.cgi
index c2eff0055..048d4582a 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1329,7 +1329,8 @@ if ($serverpush) {
 my $toolong = 0;
 if ($::FORM{'order'}) {
     my $q = url_quote($::FORM{'order'});
-    print "Set-Cookie: LASTORDER=$q ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    my $cookiepath = Param("cookiepath");
+    print "Set-Cookie: LASTORDER=$q ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
 }
 if (length($buglist) < 4000) {
     print "Set-Cookie: BUGLIST=$buglist\n\n";
diff --git a/colchange.cgi b/colchange.cgi
index f3521b7ad..456aeb499 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -75,8 +75,9 @@ if (defined $::FORM{'rememberedquery'}) {
     }
     my $list = join(" ", @collist);
     my $urlbase = Param("urlbase");
-    print "Set-Cookie: COLUMNLIST=$list ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-    print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    my $cookiepath = Param("cookiepath");
+    print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
     print "Refresh: 0; URL=buglist.cgi?$::FORM{'rememberedquery'}\n";
     print "\n";
     print "<META HTTP-EQUIV=Refresh CONTENT=\"1; URL=$urlbase"."buglist.cgi?$::FORM{'rememberedquery'}\">\n";
diff --git a/createaccount.cgi b/createaccount.cgi
index 88c18d0fd..4e5f6d49d 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -37,9 +37,9 @@ ConnectToDatabase();
 # Clear out the login cookies.  Make people log in again if they create an
 # account; otherwise, they'll probably get confused.
 
-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html
 
 ";
diff --git a/defparams.pl b/defparams.pl
index 00f332773..51ea4550a 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -140,6 +140,11 @@ sub check_urlbase {
     return "";
 }
 
+DefParam("cookiepath", 
+  "Directory path under your document root that holds your Bugzilla installation. Make sure to begin with a /.",
+  "t",
+  "/");
+
 DefParam("preferlists",
 	"If this is on, Bugzilla will display most selection options as selection lists. If this is off, Bugzilla will use radio buttons and checkboxes instead.",
 	"b",
diff --git a/post_bug.cgi b/post_bug.cgi
index f1a3e6443..4fc7e9c99 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -48,8 +48,9 @@ sub sillyness {
 
 confirm_login();
 
-print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
-print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
+print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
 
 print "Content-type: text/html\n\n";
 
diff --git a/query.cgi b/query.cgi
index 8ecb17e44..64107a0f8 100755
--- a/query.cgi
+++ b/query.cgi
@@ -95,7 +95,7 @@ if ($userid) {
                             "($userid, $qname, " . SqlQuote($value) . ")");
                 }
             }
-            print "Set-Cookie: $cookiename= ; path=/ ; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
+            print "Set-Cookie: $cookiename= ; path=" . Param("cookiepath"). "; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
         }
     }
 }
diff --git a/relogin.cgi b/relogin.cgi
index a179bafb7..cafb5b93a 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -27,10 +27,9 @@ use vars %::COOKIE;
 
 require "CGI.pl";
 
-
-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html
 
 ";