From: lpsolit%gmail.com <> Date: Thu, 28 Jul 2005 03:01:38 +0000 (+0000) Subject: Bug 273767: Cannot log out when Param(shutdownhtml) is active - Patch by Frédéric... X-Git-Tag: bugzilla-2.20rc2~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5bd07e6b68079df8dcb23c2a6c4109c30961c488;p=thirdparty%2Fbugzilla.git Bug 273767: Cannot log out when Param(shutdownhtml) is active - Patch by Frédéric Buclin r=wicked a=myk --- diff --git a/CGI.pl b/CGI.pl index e00881ade2..190fc8de8d 100644 --- a/CGI.pl +++ b/CGI.pl @@ -67,15 +67,21 @@ require 'globals.pl'; use vars qw($template $vars); # If Bugzilla is shut down, do not go any further, just display a message -# to the user about the downtime. (do)editparams.cgi is exempted from -# this message, of course, since it needs to be available in order for +# to the user about the downtime and log out. (do)editparams.cgi is exempted +# from this message, of course, since it needs to be available in order for # the administrator to open Bugzilla back up. if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) { - $::vars->{'message'} = "shutdown"; + # For security reasons, log out users when Bugzilla is down. + # Bugzilla->login() is required to catch the logincookie, if any. + my $user = Bugzilla->login(LOGIN_OPTIONAL); + my $userid = $user->id; + Bugzilla->logout(); # Return the appropriate HTTP response headers. print Bugzilla->cgi->header(); + $::vars->{'message'} = "shutdown"; + $::vars->{'userid'} = $userid; # Generate and return an HTML message about the downtime. $::template->process("global/message.html.tmpl", $::vars) || ThrowTemplateError($::template->error()); diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 156bab3d89..d0435597d3 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -236,6 +236,10 @@ [% ELSIF message_tag == "shutdown" %] [% title = "$terms.Bugzilla is Down" %] [% Param("shutdownhtml") %] + [% IF userid %] +

For security reasons, you have been logged out automatically. + The cookie that was remembering your login is now gone. + [% END %] [% ELSIF message_tag == "user_match_failed" %] You entered a username that did not match any known