From a7310a522e4ac2b24d01f0cdf44e132d0db8f73b Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 18 Oct 2009 23:34:57 +0000 Subject: Bug 399073: Remove the 'loginnetmask' parameter - Patch by Frédéric Buclin r/a=mkanat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Auth/Login/Cookie.pm | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) (limited to 'Bugzilla/Auth/Login/Cookie.pm') diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index e2cd8f5ee..0b002168e 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -36,7 +36,6 @@ sub get_login_info { my $dbh = Bugzilla->dbh; my $ip_addr = $cgi->remote_addr(); - my $net_addr = get_netaddr($ip_addr); my $login_cookie = $cgi->cookie("Bugzilla_logincookie"); my $user_id = $cgi->cookie("Bugzilla_login"); @@ -60,24 +59,16 @@ sub get_login_info { trick_taint($login_cookie); detaint_natural($user_id); - my $query = "SELECT userid - FROM logincookies - WHERE logincookies.cookie = ? - AND logincookies.userid = ? - AND (logincookies.ipaddr = ?"; - - # If we have a network block that's allowed to use this cookie, - # as opposed to just a single IP. - my @params = ($login_cookie, $user_id, $ip_addr); - if (defined $net_addr) { - trick_taint($net_addr); - $query .= " OR logincookies.ipaddr = ?"; - push(@params, $net_addr); - } - $query .= ")"; + my $is_valid = + $dbh->selectrow_array('SELECT 1 + FROM logincookies + WHERE cookie = ? + AND userid = ? + AND (ipaddr = ? OR ipaddr IS NULL)', + undef, ($login_cookie, $user_id, $ip_addr)); # If the cookie is valid, return a valid username. - if ($dbh->selectrow_array($query, undef, @params)) { + if ($is_valid) { # If we logged in successfully, then update the lastused # time on the login cookie $dbh->do("UPDATE logincookies SET lastused = NOW() -- cgit v1.2.3-24-g4f1b