From: lpsolit%gmail.com <> Date: Thu, 28 Jul 2005 03:05:47 +0000 (+0000) Subject: Bug 273767: Cannot log out when Param(shutdownhtml) is active - Patch by Frédéric... X-Git-Tag: bugzilla-2.18.4~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed32ea20eb806a4772527b25688f001ea5195d4f;p=thirdparty%2Fbugzilla.git Bug 273767: Cannot log out when Param(shutdownhtml) is active - Patch by Frédéric Buclin r=wicked a=myk --- diff --git a/CGI.pl b/CGI.pl index 2af838dc21..862cb7a8b1 100644 --- a/CGI.pl +++ b/CGI.pl @@ -61,15 +61,21 @@ require 'globals.pl'; use vars qw($template $vars); # If Bugzilla is shut down, do not go any further, just display a message -# to the user about the downtime. (do)editparams.cgi is exempted from -# this message, of course, since it needs to be available in order for +# to the user about the downtime and log out. (do)editparams.cgi is exempted +# from this message, of course, since it needs to be available in order for # the administrator to open Bugzilla back up. if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) { - $::vars->{'message'} = "shutdown"; + # For security reasons, log out users when Bugzilla is down. + # Bugzilla->login() is required to catch the logincookie, if any. + my $user = Bugzilla->login(LOGIN_OPTIONAL); + my $userid = defined($user) ? $user->id : 0; + Bugzilla->logout(); # Return the appropriate HTTP response headers. print Bugzilla->cgi->header(); + $::vars->{'message'} = "shutdown"; + $::vars->{'userid'} = $userid; # Generate and return an HTML message about the downtime. $::template->process("global/message.html.tmpl", $::vars) || ThrowTemplateError($::template->error()); diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 1685152274..8872928678 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -158,7 +158,11 @@ [% ELSIF message_tag == "shutdown" %] [% title = "$terms.Bugzilla is Down" %] [% Param("shutdownhtml") %] - + [% IF userid %] +

For security reasons, you have been logged out automatically. + The cookie that was remembering your login is now gone. + [% END %] + [% ELSE %] [%# Give sensible error if error functions are used incorrectly. #%]