From 528e2c8f615ceef3b65632a3ca105084245e79e9 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Thu, 28 Jul 2005 02:58:22 +0000 Subject: Bug 273767: Cannot log out when Param(shutdownhtml) is active - Patch by Frédéric Buclin r=wicked a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla.pm | 9 ++++++++- template/en/default/global/messages.html.tmpl | 4 ++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Bugzilla.pm b/Bugzilla.pm index d3b1a5970..99e5c3add 100644 --- a/Bugzilla.pm +++ b/Bugzilla.pm @@ -54,7 +54,7 @@ use constant SHUTDOWNHTML_EXEMPT => [ ##################################################################### # If Bugzilla is shut down, do not allow anything to run, just display a -# message to the user about the downtime. Scripts listed in +# message to the user about the downtime and log out. Scripts listed in # SHUTDOWNHTML_EXEMPT are exempt from this message. # # This code must go here. It cannot go anywhere in Bugzilla::CGI, because @@ -62,9 +62,16 @@ use constant SHUTDOWNHTML_EXEMPT => [ if (Param("shutdownhtml") && lsearch(SHUTDOWNHTML_EXEMPT, basename($0)) == -1) { + # For security reasons, log out users when Bugzilla is down. + # Bugzilla->login() is required to catch the logincookie, if any. + my $user = Bugzilla->login(LOGIN_OPTIONAL); + my $userid = $user->id; + Bugzilla->logout(); + my $template = Bugzilla->template; my $vars = {}; $vars->{'message'} = 'shutdown'; + $vars->{'userid'} = $userid; # Generate and return a message about the downtime, appropriately # for if we're a command-line script or a CGI sript. my $extension; diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 156bab3d8..d0435597d 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -236,6 +236,10 @@ [% ELSIF message_tag == "shutdown" %] [% title = "$terms.Bugzilla is Down" %] [% Param("shutdownhtml") %] + [% IF userid %] +

For security reasons, you have been logged out automatically. + The cookie that was remembering your login is now gone. + [% END %] [% ELSIF message_tag == "user_match_failed" %] You entered a username that did not match any known -- cgit v1.2.3-24-g4f1b