aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2001-10-13 07:40:39 +0000
committerjustdave%syndicomm.com <>2001-10-13 07:40:39 +0000
commit5c8613183f5779686e739bc9a470c770cf8ff51d (patch)
tree6d50e8ac286f64ca475bb61ab7ee3c8e9acab6a4
parent7084639bb653b1684638c272c4da3d62de1f702b (diff)
downloadbugs-5c8613183f5779686e739bc9a470c770cf8ff51d.tar
bugs-5c8613183f5779686e739bc9a470c770cf8ff51d.tar.gz
bugs-5c8613183f5779686e739bc9a470c770cf8ff51d.tar.bz2
bugs-5c8613183f5779686e739bc9a470c770cf8ff51d.tar.xz
bugs-5c8613183f5779686e739bc9a470c770cf8ff51d.zip
Fix for bug 19910: Bugzilla installs on the same server would interfere with each others' cookies. Cookies now have a path value that can be set to indicate which bugzilla install they belong to. Browsers will only send the cookie to the appropriate installation. The path can be set in the 'cookiepath' parameter in editparams.cgi.
Patch by Dave Lawrence <dkl@redhat.com> r= myk, justdave
-rw-r--r--CGI.pl17
-rwxr-xr-xbuglist.cgi3
-rwxr-xr-xcolchange.cgi5
-rwxr-xr-xcreateaccount.cgi6
-rw-r--r--defparams.pl5
-rwxr-xr-xpost_bug.cgi5
-rwxr-xr-xquery.cgi2
-rwxr-xr-xrelogin.cgi7
8 files changed, 26 insertions, 24 deletions
diff --git a/CGI.pl b/CGI.pl
index f93c0601b..6f9461b8f 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -985,23 +985,18 @@ sub confirm_login {
my $logincookie = FetchOneColumn();
$::COOKIE{"Bugzilla_logincookie"} = $logincookie;
- print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
- print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-
- # This next one just cleans out any old bugzilla passwords that may
- # be sitting around in the cookie files, from the bad old days when
- # we actually stored the password there.
- print "Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+ my $cookiepath = Param("cookiepath");
+ print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+ print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
}
-
my $loginok = quietly_check_login();
if ($loginok != 1) {
if ($::disabledreason) {
- print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+ my $cookiepath = Param("cookiepath");
+ print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
Content-type: text/html
";
diff --git a/buglist.cgi b/buglist.cgi
index c2eff0055..048d4582a 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1329,7 +1329,8 @@ if ($serverpush) {
my $toolong = 0;
if ($::FORM{'order'}) {
my $q = url_quote($::FORM{'order'});
- print "Set-Cookie: LASTORDER=$q ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+ my $cookiepath = Param("cookiepath");
+ print "Set-Cookie: LASTORDER=$q ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
}
if (length($buglist) < 4000) {
print "Set-Cookie: BUGLIST=$buglist\n\n";
diff --git a/colchange.cgi b/colchange.cgi
index f3521b7ad..456aeb499 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -75,8 +75,9 @@ if (defined $::FORM{'rememberedquery'}) {
}
my $list = join(" ", @collist);
my $urlbase = Param("urlbase");
- print "Set-Cookie: COLUMNLIST=$list ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
- print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+ my $cookiepath = Param("cookiepath");
+ print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+ print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
print "Refresh: 0; URL=buglist.cgi?$::FORM{'rememberedquery'}\n";
print "\n";
print "<META HTTP-EQUIV=Refresh CONTENT=\"1; URL=$urlbase"."buglist.cgi?$::FORM{'rememberedquery'}\">\n";
diff --git a/createaccount.cgi b/createaccount.cgi
index 88c18d0fd..4e5f6d49d 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -37,9 +37,9 @@ ConnectToDatabase();
# Clear out the login cookies. Make people log in again if they create an
# account; otherwise, they'll probably get confused.
-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
Content-type: text/html
";
diff --git a/defparams.pl b/defparams.pl
index 00f332773..51ea4550a 100644
--- a/defparams.pl
+++ b/defparams.pl
@@ -140,6 +140,11 @@ sub check_urlbase {
return "";
}
+DefParam("cookiepath",
+ "Directory path under your document root that holds your Bugzilla installation. Make sure to begin with a /.",
+ "t",
+ "/");
+
DefParam("preferlists",
"If this is on, Bugzilla will display most selection options as selection lists. If this is off, Bugzilla will use radio buttons and checkboxes instead.",
"b",
diff --git a/post_bug.cgi b/post_bug.cgi
index f1a3e6443..4fc7e9c99 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -48,8 +48,9 @@ sub sillyness {
confirm_login();
-print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
-print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
+print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
print "Content-type: text/html\n\n";
diff --git a/query.cgi b/query.cgi
index 8ecb17e44..64107a0f8 100755
--- a/query.cgi
+++ b/query.cgi
@@ -95,7 +95,7 @@ if ($userid) {
"($userid, $qname, " . SqlQuote($value) . ")");
}
}
- print "Set-Cookie: $cookiename= ; path=/ ; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
+ print "Set-Cookie: $cookiename= ; path=" . Param("cookiepath"). "; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
}
}
}
diff --git a/relogin.cgi b/relogin.cgi
index a179bafb7..cafb5b93a 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -27,10 +27,9 @@ use vars %::COOKIE;
require "CGI.pl";
-
-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
Content-type: text/html
";