Bug 907438 - In MySQL, login cookie checking is not case-sensitive, reducing total...
authorDave Lawrence <dlawrence@mozilla.com>
Wed, 16 Oct 2013 16:16:27 +0000 (12:16 -0400)
committerDave Lawrence <dlawrence@mozilla.com>
Wed, 16 Oct 2013 16:16:27 +0000 (12:16 -0400)
r=LpSolit,a=sgreen

Bugzilla/Auth/Login/Cookie.pm

index 3068331ea98980b39ace7ccb5105898ca6f13b31..d2f9e2f1ea5999b72941a00268c037d341df51b9 100644 (file)
@@ -66,8 +66,8 @@ sub get_login_info {
         trick_taint($login_cookie);
         detaint_natural($user_id);
 
-        my $is_valid =
-          $dbh->selectrow_array('SELECT 1
+        my $db_cookie =
+          $dbh->selectrow_array('SELECT cookie
                                    FROM logincookies
                                   WHERE cookie = ?
                                         AND userid = ?
@@ -77,7 +77,7 @@ sub get_login_info {
         # If the cookie or token is valid, return a valid username.
         # If they were not valid and we are using a webservice, then
         # throw an error notifying the client.
-        if ($is_valid) {
+        if (defined $db_cookie && $login_cookie eq $db_cookie) {
             # If we logged in successfully, then update the lastused 
             # time on the login cookie
             $dbh->do("UPDATE logincookies SET lastused = NOW()
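Review bot: The new condition `defined $db_cookie && $login_cookie eq $db_cookie` carries the whole fix, but nothing explains why a value that already matched in SQL is compared again in Perl, so a later cleanup could collapse it back to a truthiness test and reopen the bug. I would add a comment directly above the `if`, for example `# MySQL may match the cookie column case-insensitively, so compare the stored value exactly here.` The same reasoning covers the `SELECT cookie` in the first hunk, where `WHERE cookie = ?` now acts only as a pre-filter. get_login_info starts before and continues past both hunks, so whether other statements that match on the cookie column need the same exact comparison cannot be judged from these lines.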