Fix for bug 19910: Bugzilla installs on the same server would interfere with…

Fix for bug 19910: Bugzilla installs on the same server would interfere with each others' cookies. Cookies now have a path value that can be set to indicate which bugzilla install they belong to. Browsers will only send the cookie to the appropriate installation. The path can be set in the 'cookiepath' parameter in editparams.cgi. Patch by Dave Lawrence <dkl@redhat.com> r= myk, justdave

Fix for bug 19910: Bugzilla installs on the same server would interfere with…
5c861318 · justdave%syndicomm.com · 7084639b · 5c861318 · 5c861318 · 5c861318
Commit 5c861318 authored Oct 13, 2001 by justdave%syndicomm.com
8 changed files
--- a/CGI.pl
+++ b/CGI.pl
@@ -985,23 +985,18 @@ sub confirm_login {
       my $logincookie = FetchOneColumn();

       $::COOKIE{"Bugzilla_logincookie"} = $logincookie;
-       print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-       print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-
-       # This next one just cleans out any old bugzilla passwords that may
-       # be sitting around in the cookie files, from the bad old days when
-       # we actually stored the password there.
-       print "Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT\n";
+       my $cookiepath = Param("cookiepath");
+       print "Set-Cookie: Bugzilla_login=$enteredlogin ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+       print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
    }

-
    my $loginok = quietly_check_login();

    if ($loginok != 1) {
        if ($::disabledreason) {
-            print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+            my $cookiepath = Param("cookiepath");
+            print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html

 ";

--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1329,7 +1329,8 @@ if ($serverpush) {
 my $toolong = 0;
 if ($::FORM{'order'}) {
    my $q = url_quote($::FORM{'order'});
-    print "Set-Cookie: LASTORDER=$q ; path=/; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    my $cookiepath = Param("cookiepath");
+    print "Set-Cookie: LASTORDER=$q ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
 }
 if (length($buglist) < 4000) {
    print "Set-Cookie: BUGLIST=$buglist\n\n";

--- a/colchange.cgi
+++ b/colchange.cgi
@@ -75,8 +75,9 @@ if (defined $::FORM{'rememberedquery'}) {
    }
    my $list = join(" ", @collist);
    my $urlbase = Param("urlbase");
-    print "Set-Cookie: COLUMNLIST=$list ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
-    print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    my $cookiepath = Param("cookiepath");
+    print "Set-Cookie: COLUMNLIST=$list ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
+    print "Set-Cookie: SPLITHEADER=$::FORM{'splitheader'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n";
    print "Refresh: 0; URL=buglist.cgi?$::FORM{'rememberedquery'}\n";
    print "\n";
    print "<META HTTP-EQUIV=Refresh CONTENT=\"1; URL=$urlbase"."buglist.cgi?$::FORM{'rememberedquery'}\">\n";

--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -37,9 +37,9 @@ ConnectToDatabase();
 # Clear out the login cookies.  Make people log in again if they create an
 # account; otherwise, they'll probably get confused.

-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html

 ";

--- a/defparams.pl
+++ b/defparams.pl
@@ -140,6 +140,11 @@ sub check_urlbase {
    return "";
 }

+DefParam("cookiepath", 
+  "Directory path under your document root that holds your Bugzilla installation. Make sure to begin with a /.",
+  "t",
+  "/");
+
 DefParam("preferlists",
 	"If this is on, Bugzilla will display most selection options as selection lists. If this is off, Bugzilla will use radio buttons and checkboxes instead.",
 	"b",

--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -48,8 +48,9 @@ sub sillyness {

 confirm_login();

-print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
-print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=/ ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: PLATFORM=$::FORM{'product'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} );
+print "Set-Cookie: VERSION-$::FORM{'product'}=$::FORM{'version'} ; path=$cookiepath ; expires=Sun, 30-Jun-2029 00:00:00 GMT\n" if ( exists $::FORM{'product'} && exists $::FORM{'version'} );

 print "Content-type: text/html\n\n";


--- a/query.cgi
+++ b/query.cgi
@@ -95,7 +95,7 @@ if ($userid) {
                            "($userid, $qname, " . SqlQuote($value) . ")");
                }
            }
-            print "Set-Cookie: $cookiename= ; path=/ ; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
+            print "Set-Cookie: $cookiename= ; path=" . Param("cookiepath"). "; expires=Sun, 30-Jun-1980 00:00:00 GMT\n";
        }
    }
 }

--- a/relogin.cgi
+++ b/relogin.cgi
@@ -27,10 +27,9 @@ use vars %::COOKIE;

 require "CGI.pl";

-
-print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
-Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT
+my $cookiepath = Param("cookiepath");
+print "Set-Cookie: Bugzilla_login= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
+Set-Cookie: Bugzilla_logincookie= ; path=$cookiepath; expires=Sun, 30-Jun-80 00:00:00 GMT
 Content-type: text/html

 ";