summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Bugzilla/Auth/Persist/Cookie.pm1
-rwxr-xr-xindex.cgi17
-rwxr-xr-xrelogin.cgi16
-rw-r--r--template/en/default/global/common-links.html.tmpl2
-rw-r--r--template/en/default/sidebar.xul.tmpl3
5 files changed, 18 insertions, 21 deletions
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 420bad16b..c533252d3 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -161,6 +161,7 @@ sub clear_browser_cookies {
my $cgi = Bugzilla->cgi;
$cgi->remove_cookie('Bugzilla_login');
$cgi->remove_cookie('Bugzilla_logincookie');
+ $cgi->remove_cookie('sudo');
}
1;
diff --git a/index.cgi b/index.cgi
index 89880d163..660909452 100755
--- a/index.cgi
+++ b/index.cgi
@@ -38,12 +38,24 @@ use Bugzilla::Update;
# Check whether or not the user is logged in
my $user = Bugzilla->login(LOGIN_OPTIONAL);
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $vars = {};
+
+# And log out the user if requested. We do this first so that nothing
+# else accidentally relies on the current login.
+if ($cgi->param('logout')) {
+ Bugzilla->logout();
+ $user = Bugzilla->user;
+ $vars->{'message'} = "logged_out";
+ # Make sure that templates or other code doesn't get confused about this.
+ $cgi->delete('logout');
+}
###############################################################################
# Main Body Execution
###############################################################################
-my $cgi = Bugzilla->cgi;
# Force to use HTTPS unless Bugzilla->params->{'ssl'} equals 'never'.
# This is required because the user may want to log in from here.
if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne ''
@@ -52,9 +64,6 @@ if ($cgi->protocol ne 'https' && Bugzilla->params->{'sslbase'} ne ''
$cgi->require_https(Bugzilla->params->{'sslbase'});
}
-my $template = Bugzilla->template;
-my $vars = {};
-
# Return the appropriate HTTP response headers.
print $cgi->header();
diff --git a/relogin.cgi b/relogin.cgi
index 9d30d7c11..a5cea5f91 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -37,7 +37,7 @@ use Date::Format;
my $template = Bugzilla->template;
my $cgi = Bugzilla->cgi;
-my $action = $cgi->param('action') || 'logout';
+my $action = $cgi->param('action');
my $vars = {};
my $target;
@@ -184,20 +184,6 @@ elsif ($action eq 'end-sudo') {
$vars->{'message'} = 'sudo_ended';
$target = 'global/message.html.tmpl';
}
-# Log out the currently logged-in user (this used to be the only thing this did)
-elsif ($action eq 'logout') {
- # We don't want to remove a random logincookie from the db, so
- # call Bugzilla->login(). If we're logged in after this, then
- # the logincookie must be correct
- Bugzilla->login(LOGIN_OPTIONAL);
-
- $cgi->remove_cookie('sudo');
-
- Bugzilla->logout();
-
- $vars->{'message'} = "logged_out";
- $target = 'global/message.html.tmpl';
-}
# No valid action found
else {
Bugzilla->login(LOGIN_OPTIONAL);
diff --git a/template/en/default/global/common-links.html.tmpl b/template/en/default/global/common-links.html.tmpl
index 6f2c46f46..5c4e9d9a5 100644
--- a/template/en/default/global/common-links.html.tmpl
+++ b/template/en/default/global/common-links.html.tmpl
@@ -68,7 +68,7 @@
<li>
<span class="separator">| </span>
[% IF user.authorizer.can_logout %]
- <a href="relogin.cgi">Log&nbsp;out</a>
+ <a href="index.cgi?logout=1">Log&nbsp;out</a>
[% ELSE %]
Logged&nbsp;in&nbsp;as
[% END %]
diff --git a/template/en/default/sidebar.xul.tmpl b/template/en/default/sidebar.xul.tmpl
index 8035c8298..3df943e5c 100644
--- a/template/en/default/sidebar.xul.tmpl
+++ b/template/en/default/sidebar.xul.tmpl
@@ -97,7 +97,8 @@ function normal_keypress_handler( aEvent ) {
<text class="text-link" onclick="load_relative_url('sanitycheck.cgi')" value="sanity check"/>
[%- END %]
[%- IF user.authorizer.can_logout %]
- <text class="text-link" onclick="load_relative_url('relogin.cgi')" value="log out [% user.login FILTER html %]"/>
+ <text class="text-link" onclick="load_relative_url('index.cgi?logout=1')"
+ value="log out [% user.login FILTER html %]"/>
[%- END %]
<separator class="thin"/>
[%- IF user.showmybugslink %]