[mantisbt-commits] mantisbt.git branch, master, updated. release-1.2.0rc1-205-g0abe9b4

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The branch, master has been updated
       via  0abe9b4544c4440d13cb6fbcbae6070b11371da3 (commit)
      from  2a53ece7a339c158e8e48b972a9302736b2d6a9d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0abe9b4544c4440d13cb6fbcbae6070b11371da3
Author: John Reese <jr...@le...>
Date:   Sat Sep 12 20:13:59 2009 -0400

    Fix #10930: Fix verification redirect loop
    
    User verification was logging out the user, and then calling auth_api
    functions that implicitly logged in the anonymous user, resulting in an
    endless redirection loop.  By adding a parameter to the appropriate
    auth_api function, the verification page can specify that the anonymous
    user should not be implicitly logged in.

-----------------------------------------------------------------------

Summary of changes:
 core/authentication_api.php |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

-----------------------------------------------------------------------

commit 0abe9b4544c4440d13cb6fbcbae6070b11371da3
Author: John Reese <jr...@le...>
Date:   Sat Sep 12 20:13:59 2009 -0400

    Fix #10930: Fix verification redirect loop
    
    User verification was logging out the user, and then calling auth_api
    functions that implicitly logged in the anonymous user, resulting in an
    endless redirection loop.  By adding a parameter to the appropriate
    auth_api function, the verification page can specify that the anonymous
    user should not be implicitly logged in.

diff --git a/core/authentication_api.php b/core/authentication_api.php
index 159b293..4879699 100644
--- a/core/authentication_api.php
+++ b/core/authentication_api.php
@@ -93,7 +93,7 @@ function auth_is_user_authenticated() {
 	if( $g_cache_cookie_valid == true ) {
 		return $g_cache_cookie_valid;
 	}
-	$g_cache_cookie_valid = auth_is_cookie_valid( auth_get_current_user_cookie() );
+	$g_cache_cookie_valid = auth_is_cookie_valid( auth_get_current_user_cookie( false ) );
 	return $g_cache_cookie_valid;
 }
 
@@ -550,10 +550,11 @@ function auth_is_cookie_string_unique( $p_cookie_string ) {
  * if no user is logged in and anonymous login is enabled, returns cookie for anonymous user
  * otherwise returns '' (an empty string)
  *
+ * @param boolean auto-login anonymous user
  * @return string current user login cookie string
  * @access public
  */
-function auth_get_current_user_cookie() {
+function auth_get_current_user_cookie( $p_login_anonymous=true ) {
 	global $g_script_login_cookie, $g_cache_anonymous_user_cookie_string;
 
 	# if logging in via a script, return that cookie
@@ -567,7 +568,7 @@ function auth_get_current_user_cookie() {
 
 	# if cookie not found, and anonymous login enabled, use cookie of anonymous account.
 	if( is_blank( $t_cookie ) ) {
-		if( ON == config_get( 'allow_anonymous_login' ) ) {
+		if( $p_login_anonymous && ON == config_get( 'allow_anonymous_login' ) ) {
 			if( $g_cache_anonymous_user_cookie_string === null ) {
 				if( function_exists( 'db_is_connected' ) && db_is_connected() ) {
 

-----------------------------------------------------------------------


--
Mantis Bug Tracker


