Skip to content

bugzilla
bugzilla
Commit d8b02aff authored by reed%reedloden.com's avatar reed%reedloden.com
Browse files
Options

Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" [p=reed r+a=mkanat]

parent d68db405
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 5 deletions
Bugzilla/Auth/Persist/Cookie.pm
View file @ d8b02aff
......@@ -76,17 +76,20 @@ sub persist_login {
{
$cgi->send_cookie(-name => 'Bugzilla_login',
-value => $user->id,
-httponly => 1,
-expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
$cgi->send_cookie(-name => 'Bugzilla_logincookie',
-value => $login_cookie,
-httponly => 1,
-expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
}
else {
$cgi->send_cookie(-name => 'Bugzilla_login',
-value => $user->id);
-value => $user->id,
-httponly => 1);
$cgi->send_cookie(-name => 'Bugzilla_logincookie',
-value => $login_cookie);
-value => $login_cookie,
-httponly => 1);
}
}
......
Bugzilla/Install/Requirements.pm
View file @ d8b02aff
......@@ -61,7 +61,8 @@ sub REQUIRED_MODULES {
module => 'CGI',
# Perl 5.10 requires CGI 3.33 due to a taint issue when
# uploading attachments, see bug 416382.
version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.33' : '2.93'
# Require CGI 3.21 for -httponly support, see bug 368502.
version => (vers_cmp($perl_ver, '5.10') > -1) ? '3.33' : '3.21'
},
{
package => 'TimeDate',
......
template/en/default/pages/release-notes.html.tmpl
View file @ d8b02aff
......@@ -79,7 +79,7 @@
[% INCLUDE req_table reqs = REQUIRED_MODULES
new = []
updated = ['Template-Toolkit', 'Email-MIME',
'Email-MIME-Modifier'] %]
'Email-MIME-Modifier', 'CGI'] %]
<h3><a name="v32_req_optional_mod"></a>Optional Perl Modules</h3>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment