From e16ca48833e9dd774a61eaab7ca32c44ce6a4276 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Tue, 3 Jan 2006 22:44:53 +0000
Subject: Bug 119524: SECURITY: predictable sessionid (Use a token instead of logincookie) - Patch by Olav Vitters r=mkanat a=justdave
---
 Bugzilla/Token.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'Bugzilla/Token.pm')
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 42dca47d6..dfc7be418 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -155,12 +155,16 @@ sub GenerateUniqueToken {
 # the token in the "tokens" table. Gives up if it can't come up
 # with a token after about one hundred tries.
+ my ($table, $column) = @_;
+ my $token;
 my $duplicate = 1;
 my $tries = 0;
+ $table ||= "tokens";
+ $column ||= "token";
 my $dbh = Bugzilla->dbh;
- my $sth = $dbh->prepare("SELECT userid FROM tokens WHERE token = ?");
+ my $sth = $dbh->prepare("SELECT userid FROM $table WHERE $column = ?");
 while ($duplicate) {
 ++$tries;
--
cgit v1.2.3-24-g4f1b
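Review bot: The new `$table` and `$column` arguments are interpolated directly into the statement text given to `prepare`, and nothing visible in this hunk limits them to known identifiers, so the query is only safe while every caller passes hard-coded names. Identifiers cannot be bound through `?`, so I would check them right after the defaults are applied, e.g. `die "invalid identifier" unless $table =~ /\A\w+\z/ && $column =~ /\A\w+\z/;`, or compare against a fixed list of permitted table/column pairs. The query also still selects `userid`, so any table passed in must have that column, and the comment above still says the lookup is against the "tokens" table; a line such as `# $table/$column must be trusted constants naming a table with a userid column (default: tokens.token)` would record both constraints. The body of GenerateUniqueToken begins and continues outside the hunk.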