From: justdave%syndicomm.com <>
Date: Sat, 17 Nov 2001 16:01:54 +0000 (+0000)
Subject: Fix for bug 108516: It was possible to file a bug as someone you're not.  User identi... 
X-Git-Tag: bugzilla-2.14.1~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e686e88230454542130c94df70a99cb4e85c2840;p=thirdparty%2Fbugzilla.git

Fix for bug 108516: It was possible to file a bug as someone you're not.  User identity is now checked and the form values
giving user ID are now ignored.
r= jake, bbaetz
---

diff --git a/post_bug.cgi b/post_bug.cgi
index bcbef7bb3f..dcb3f245fb 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -48,9 +48,8 @@ sub sillyness {
 
 confirm_login();
 
-my $cookiepath = Param("cookiepath");
-print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
-print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
+print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
+print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
 
 print "Content-type: text/html\n\n";