Attachment 292326 Details for Bug 429495 – Patch to add cookie_secure param to auth code

[patch] Patch to add cookie_secure param to auth code

cookie_secure.patch (text/plain), 3.37 KB, created by David Lawrence on 2008-01-21 05:29:57 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: David Lawrence

Created: 2008-01-21 05:29:57 UTC

Size: 3.37 KB

patch

obsolete

>Index: Bugzilla/Auth/Persist/Cookie.pm
>===================================================================
>RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Auth/Persist/Cookie.pm,v
>retrieving revision 1.5
>diff -u -r1.5 Cookie.pm
>--- Bugzilla/Auth/Persist/Cookie.pm	3 Jul 2006 21:42:46 -0000	1.5
>+++ Bugzilla/Auth/Persist/Cookie.pm	21 Jan 2008 04:35:06 -0000
>@@ -67,6 +67,9 @@
>               VALUES (?, ?, ?, NOW())",
>               undef, $login_cookie, $user->id, $ip_addr);
> 
>+    # Send cookie only if over secure connection if cookie_secure is set to true
>+    my $cookie_secure = Bugzilla->params->{'cookie_secure'} ? 1 : 0;
>+
>     # Remember cookie only if admin has told so
>     # or admin didn't forbid it and user told to remember.
>     if ( Bugzilla->params->{'rememberlogin'} eq 'on' ||
>@@ -76,17 +79,21 @@
>     {
>         $cgi->send_cookie(-name => 'Bugzilla_login',
>                           -value => $user->id,
>-                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
>+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT',
>+                          -secure => $cookie_secure);
>         $cgi->send_cookie(-name => 'Bugzilla_logincookie',
>                           -value => $login_cookie,
>-                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT');
>+                          -expires => 'Fri, 01-Jan-2038 00:00:00 GMT',
>+                          -secure => $cookie_secure);
> 
>     }
>     else {
>         $cgi->send_cookie(-name => 'Bugzilla_login',
>-                          -value => $user->id);
>+                          -value => $user->id,
>+                          -secure => $cookie_secure);
>         $cgi->send_cookie(-name => 'Bugzilla_logincookie',
>-                          -value => $login_cookie);
>+                          -value => $login_cookie,
>+                          -secure => $cookie_secure);
>     }
> }
> 
>Index: Bugzilla/Config/Auth.pm
>===================================================================
>RCS file: /cvsroot/mozilla/webtools/bugzilla/Bugzilla/Config/Auth.pm,v
>retrieving revision 1.3
>diff -u -r1.3 Auth.pm
>--- Bugzilla/Config/Auth.pm	2 Aug 2007 22:38:39 -0000	1.3
>+++ Bugzilla/Config/Auth.pm	21 Jan 2008 04:35:06 -0000
>@@ -104,6 +104,12 @@
>   },
> 
>   {
>+   name => 'cookie_secure',
>+   type => 'b',
>+   default => '0',
>+  },
>+
>+  {
>    name => 'emailregexp',
>    type => 't',
>    default => q:^[\\w\\.\\+\\-=]+@[\\w\\.\\-]+\\.[\\w\\-]+$:,
>Index: template/en/default/admin/params/auth.html.tmpl
>===================================================================
>RCS file: /cvsroot/mozilla/webtools/bugzilla/template/en/default/admin/params/auth.html.tmpl,v
>retrieving revision 1.4
>diff -u -r1.4 auth.html.tmpl
>--- template/en/default/admin/params/auth.html.tmpl	5 Dec 2007 00:48:30 -0000	1.4
>+++ template/en/default/admin/params/auth.html.tmpl	21 Jan 2008 04:35:06 -0000
>@@ -112,6 +112,9 @@
>                   "front page will require a login. No anonymous users will " _
>                   "be permitted.",
> 
>+  cookie_secure => "If this attribute is set, the cookie will only be sent if the CGI " _
>+                   "request is occurring on a secure channel, such as SSL.",
>+
>   emailregexp => "This defines the regexp to use for legal email addresses. The " _
>                  "default tries to match fully qualified email addresses. Another " _
>                  "popular value to put here is <tt>^[^@]+$</tt>, which means " _

Actions: View | Diff

Attachments on bug 429495: 292326