[Rt-commit] r2005 - in rt/branches/3.2-RELEASE: . html

jesse at bestpractical.com jesse at bestpractical.com
Fri Dec 17 18:09:16 EST 2004


Author: jesse
Date: Fri Dec 17 18:09:16 2004
New Revision: 2005

Modified:
   rt/branches/3.2-RELEASE/   (props changed)
   rt/branches/3.2-RELEASE/html/autohandler
Log:
 r2464 at hualien:  jesse | 2004-12-17T23:04:58.188494Z
 Security:
     * Fixed a case where catastrophic failure of the logging infrastructure 
       on initial login could cause a failing login attempt to
       result in a valid remote session. -- Reported by Tom Yu
 
 
 


Modified: rt/branches/3.2-RELEASE/html/autohandler
==============================================================================
--- rt/branches/3.2-RELEASE/html/autohandler	(original)
+++ rt/branches/3.2-RELEASE/html/autohandler	Fri Dec 17 18:09:16 2004
@@ -193,8 +193,8 @@
     if (!$session{'CurrentUser'}->id() ||
         !$session{'CurrentUser'}->IsPassword($pass))
     {
-	$RT::Logger->error("FAILED LOGIN for $user from $ENV{'REMOTE_ADDR'}");
         delete $session{'CurrentUser'};
+	$RT::Logger->error("FAILED LOGIN for $user from $ENV{'REMOTE_ADDR'}");
         $m->comp('/Elements/Login', %ARGS,
                  Error => loc('Your username or password is incorrect'));
         $m->abort();
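
Review bot: The position of `delete $session{'CurrentUser'};` ahead of the `$RT::Logger->error(...)` call is now what keeps a failed login from leaving a usable session, but nothing in the hunk says so; add a comment at the delete so a later cleanup does not move the log line back above it. The condition still tests `$session{'CurrentUser'}->id()` and `$session{'CurrentUser'}->IsPassword($pass)`, so the user object is already stored in the session before the password is verified, and anything that dies between that point and the delete would leave it there, not only the logger. Consider holding the user object in a local variable and assigning it to `$session{'CurrentUser'}` only after `IsPassword` succeeds, so the failure path fails closed regardless of statement order. Separately, `$user` is interpolated into the log message as submitted; stripping newlines and control characters before logging would keep a crafted username from forging log entries.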

