From ed32ea20eb806a4772527b25688f001ea5195d4f Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Thu, 28 Jul 2005 03:05:47 +0000 Subject: [PATCH] =?utf8?q?Bug=20273767:=20Cannot=20log=20out=20when=20Para?= =?utf8?q?m(shutdownhtml)=20is=20active=20-=20Patch=20by=20Fr=C3=A9d=C3=A9?= =?utf8?q?ric=20Buclin=20=20r=3Dwicked=20a=3Dmyk?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- CGI.pl | 12 +++++++++--- template/en/default/global/messages.html.tmpl | 6 +++++- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/CGI.pl b/CGI.pl index 2af838dc21..862cb7a8b1 100644 --- a/CGI.pl +++ b/CGI.pl @@ -61,15 +61,21 @@ require 'globals.pl'; use vars qw($template $vars); # If Bugzilla is shut down, do not go any further, just display a message -# to the user about the downtime. (do)editparams.cgi is exempted from -# this message, of course, since it needs to be available in order for +# to the user about the downtime and log out. (do)editparams.cgi is exempted +# from this message, of course, since it needs to be available in order for # the administrator to open Bugzilla back up. if (Param("shutdownhtml") && $0 !~ m:(^|[\\/])(do)?editparams\.cgi$:) { - $::vars->{'message'} = "shutdown"; + # For security reasons, log out users when Bugzilla is down. + # Bugzilla->login() is required to catch the logincookie, if any. + my $user = Bugzilla->login(LOGIN_OPTIONAL); + my $userid = defined($user) ? $user->id : 0; + Bugzilla->logout(); # Return the appropriate HTTP response headers. print Bugzilla->cgi->header(); + $::vars->{'message'} = "shutdown"; + $::vars->{'userid'} = $userid; # Generate and return an HTML message about the downtime. $::template->process("global/message.html.tmpl", $::vars) || ThrowTemplateError($::template->error()); diff --git a/template/en/default/global/messages.html.tmpl b/template/en/default/global/messages.html.tmpl index 1685152274..8872928678 100644 --- a/template/en/default/global/messages.html.tmpl +++ b/template/en/default/global/messages.html.tmpl @@ -158,7 +158,11 @@ [% ELSIF message_tag == "shutdown" %] [% title = "$terms.Bugzilla is Down" %] [% Param("shutdownhtml") %] - + [% IF userid %] +

For security reasons, you have been logged out automatically. + The cookie that was remembering your login is now gone. + [% END %] + [% ELSE %] [%# Give sensible error if error functions are used incorrectly. #%] -- 2.47.2