Skip to content

bugzilla
bugzilla
Commit 2b22c65a authored by bbaetz%student.usyd.edu.au's avatar bbaetz%student.usyd.edu.au
Browse files
Options

Bug 129466 - use IP addr (not hostname) in logincookies table

r=gerv, justdave
parent 9ff5677e
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 11 deletions
CGI.pl
View file @ 2b22c65a
...@@ -695,15 +695,12 @@ sub quietly_check_login() { ...@@ -695,15 +695,12 @@ sub quietly_check_login() {
if (defined $::COOKIE{"Bugzilla_login"} && if (defined $::COOKIE{"Bugzilla_login"} &&
defined $::COOKIE{"Bugzilla_logincookie"}) { defined $::COOKIE{"Bugzilla_logincookie"}) {
ConnectToDatabase(); ConnectToDatabase();
if (!defined $ENV{'REMOTE_HOST'}) {
$ENV{'REMOTE_HOST'} = $ENV{'REMOTE_ADDR'};
}
SendSQL("SELECT profiles.userid, profiles.groupset, " . SendSQL("SELECT profiles.userid, profiles.groupset, " .
"profiles.login_name, " . "profiles.login_name, " .
"profiles.login_name = " . "profiles.login_name = " .
SqlQuote($::COOKIE{"Bugzilla_login"}) . SqlQuote($::COOKIE{"Bugzilla_login"}) .
" AND logincookies.hostname = " . " AND logincookies.ipaddr = " .
SqlQuote($ENV{"REMOTE_HOST"}) . SqlQuote($ENV{"REMOTE_ADDR"}) .
", profiles.disabledtext " . ", profiles.disabledtext " .
" FROM profiles, logincookies WHERE logincookies.cookie = " . " FROM profiles, logincookies WHERE logincookies.cookie = " .
SqlQuote($::COOKIE{"Bugzilla_logincookie"}) . SqlQuote($::COOKIE{"Bugzilla_logincookie"}) .
...@@ -988,10 +985,7 @@ sub confirm_login { ...@@ -988,10 +985,7 @@ sub confirm_login {
# the cookies. # the cookies.
if($enteredlogin ne "") { if($enteredlogin ne "") {
$::COOKIE{"Bugzilla_login"} = $enteredlogin; $::COOKIE{"Bugzilla_login"} = $enteredlogin;
if (!defined $ENV{'REMOTE_HOST'}) { SendSQL("insert into logincookies (userid,ipaddr) values (@{[DBNameToIdAndCheck($enteredlogin)]}, @{[SqlQuote($ENV{'REMOTE_ADDR'})]})");
$ENV{'REMOTE_HOST'} = $ENV{'REMOTE_ADDR'};
}
SendSQL("insert into logincookies (userid,hostname) values (@{[DBNameToIdAndCheck($enteredlogin)]}, @{[SqlQuote($ENV{'REMOTE_HOST'})]})");
SendSQL("select LAST_INSERT_ID()"); SendSQL("select LAST_INSERT_ID()");
my $logincookie = FetchOneColumn(); my $logincookie = FetchOneColumn();
......
checksetup.pl
View file @ 2b22c65a
...@@ -1155,11 +1155,10 @@ $table{groups} = ...@@ -1155,11 +1155,10 @@ $table{groups} =
unique(bit), unique(bit),
unique(name)'; unique(name)';
$table{logincookies} = $table{logincookies} =
'cookie mediumint not null auto_increment primary key, 'cookie mediumint not null auto_increment primary key,
userid mediumint not null, userid mediumint not null,
hostname varchar(128), ipaddr varchar(40) NOT NULL,
lastused timestamp, lastused timestamp,
index(lastused)'; index(lastused)';
...@@ -2706,6 +2705,17 @@ if (GetFieldDef("bugs","qacontact_accessible")) { ...@@ -2706,6 +2705,17 @@ if (GetFieldDef("bugs","qacontact_accessible")) {
DropField("bugs", "assignee_accessible"); DropField("bugs", "assignee_accessible");
} }
# 2002-03-15 bbaetz@student.usyd.edu.au - bug 129466
# Use the ip, not the hostname, in the logincookies table
if (GetFieldDef("logincookies", "hostname")) {
# We've changed what we match against, so all entries are now invalid
$dbh->do("DELETE FROM logincookies");
# Now update the logincookies schema
DropField("logincookies", "hostname");
AddField("logincookies", "ipaddr", "varchar(40) NOT NULL");
}
# If you had to change the --TABLE-- definition in any way, then add your # If you had to change the --TABLE-- definition in any way, then add your
# differential change code *** A B O V E *** this comment. # differential change code *** A B O V E *** this comment.
# #
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment