#####################################################################
# If Bugzilla is shut down, do not allow anything to run, just display a
-# message to the user about the downtime. Scripts listed in
+# message to the user about the downtime and log out. Scripts listed in
# SHUTDOWNHTML_EXEMPT are exempt from this message.
#
# This code must go here. It cannot go anywhere in Bugzilla::CGI, because
if (Param("shutdownhtml")
&& lsearch(SHUTDOWNHTML_EXEMPT, basename($0)) == -1)
{
+ # For security reasons, log out users when Bugzilla is down.
+ # Bugzilla->login() is required to catch the logincookie, if any.
+ my $user = Bugzilla->login(LOGIN_OPTIONAL);
+ my $userid = $user->id;
+ Bugzilla->logout();
+
my $template = Bugzilla->template;
my $vars = {};
$vars->{'message'} = 'shutdown';
+ $vars->{'userid'} = $userid;
# Generate and return a message about the downtime, appropriately
# for if we're a command-line script or a CGI sript.
my $extension;
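Review bot: The added comment at the top of the `if` block says users are logged out when Bugzilla is down, but the code only ends the session of the request that reaches this block: `Bugzilla->logout()` is called with no argument, and the cookies of users who make no request during the downtime are left untouched. If the intent is to invalidate every session of that user, pass the scope explicitly (`Bugzilla->logout(LOGOUT_ALL)`, assuming that constant is imported here); otherwise state the limit in the comment, e.g. `# Only the session whose cookie arrives with this request is ended; others stay valid until they hit this page.` Separately, `Bugzilla->login(LOGIN_OPTIONAL)` now runs the authentication path before the shutdown page is generated, so a failure inside it (an invalid cookie, submitted credentials that do not match, or the database being unavailable during maintenance) would presumably replace the downtime message with a different error; this is worth confirming for CGI and command-line callers. The `if` block continues past the end of this hunk.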
[% ELSIF message_tag == "shutdown" %]
[% title = "$terms.Bugzilla is Down" %]
[% Param("shutdownhtml") %]
+ [% IF userid %]
+ <p>For security reasons, you have been logged out automatically.
+ The cookie that was remembering your login is now gone.
+ [% END %]
[% ELSIF message_tag == "user_match_failed" %]
You entered a username that did not match any known