Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
bugzilla
Commits
d8b02aff
Commit
d8b02aff
authored
Aug 23, 2008
by
reed%reedloden.com
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 368502 - "Bugzilla_logincookie should not be accessible via javascript" [p=reed r+a=mkanat]
parent
d68db405
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
9 additions
and
5 deletions
+9
-5
Cookie.pm
Bugzilla/Auth/Persist/Cookie.pm
+6
-3
Requirements.pm
Bugzilla/Install/Requirements.pm
+2
-1
release-notes.html.tmpl
template/en/default/pages/release-notes.html.tmpl
+1
-1
No files found.
Bugzilla/Auth/Persist/Cookie.pm
View file @
d8b02aff
...
@@ -76,17 +76,20 @@ sub persist_login {
...
@@ -76,17 +76,20 @@ sub persist_login {
{
{
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_login'
,
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_login'
,
-
value
=>
$user
->
id
,
-
value
=>
$user
->
id
,
-
httponly
=>
1
,
-
expires
=>
'Fri, 01-Jan-2038 00:00:00 GMT'
);
-
expires
=>
'Fri, 01-Jan-2038 00:00:00 GMT'
);
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_logincookie'
,
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_logincookie'
,
-
value
=>
$login_cookie
,
-
value
=>
$login_cookie
,
-
httponly
=>
1
,
-
expires
=>
'Fri, 01-Jan-2038 00:00:00 GMT'
);
-
expires
=>
'Fri, 01-Jan-2038 00:00:00 GMT'
);
}
}
else
{
else
{
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_login'
,
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_login'
,
-
value
=>
$user
->
id
);
-
value
=>
$user
->
id
,
-
httponly
=>
1
);
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_logincookie'
,
$cgi
->
send_cookie
(
-
name
=>
'Bugzilla_logincookie'
,
-
value
=>
$login_cookie
);
-
value
=>
$login_cookie
,
-
httponly
=>
1
);
}
}
}
}
...
...
Bugzilla/Install/Requirements.pm
View file @
d8b02aff
...
@@ -61,7 +61,8 @@ sub REQUIRED_MODULES {
...
@@ -61,7 +61,8 @@ sub REQUIRED_MODULES {
module
=>
'CGI'
,
module
=>
'CGI'
,
# Perl 5.10 requires CGI 3.33 due to a taint issue when
# Perl 5.10 requires CGI 3.33 due to a taint issue when
# uploading attachments, see bug 416382.
# uploading attachments, see bug 416382.
version
=>
(
vers_cmp
(
$perl_ver
,
'5.10'
)
>
-
1
)
?
'3.33'
:
'2.93'
# Require CGI 3.21 for -httponly support, see bug 368502.
version
=>
(
vers_cmp
(
$perl_ver
,
'5.10'
)
>
-
1
)
?
'3.33'
:
'3.21'
},
},
{
{
package
=>
'TimeDate'
,
package
=>
'TimeDate'
,
...
...
template/en/default/pages/release-notes.html.tmpl
View file @
d8b02aff
...
@@ -79,7 +79,7 @@
...
@@ -79,7 +79,7 @@
[% INCLUDE req_table reqs = REQUIRED_MODULES
[% INCLUDE req_table reqs = REQUIRED_MODULES
new = []
new = []
updated = ['Template-Toolkit', 'Email-MIME',
updated = ['Template-Toolkit', 'Email-MIME',
'Email-MIME-Modifier'] %]
'Email-MIME-Modifier'
, 'CGI'
] %]
<h3><a name="v32_req_optional_mod"></a>Optional Perl Modules</h3>
<h3><a name="v32_req_optional_mod"></a>Optional Perl Modules</h3>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
