[Rt-commit] r2009 - in rt/branches/3.3-TESTING: . html

jesse at bestpractical.com jesse at bestpractical.com
Mon Dec 20 12:30:50 EST 2004


Author: jesse
Date: Mon Dec 20 12:30:49 2004
New Revision: 2009

Modified:
   rt/branches/3.3-TESTING/   (props changed)
   rt/branches/3.3-TESTING/html/autohandler
Log:
 r2472 at hualien:  jesse | 2004-12-20T17:04:02.657029Z
  r2464 at hualien:  jesse | 2004-12-17T23:04:58.188494Z
  Security:
      * Fixed a case where catastrophic failure of the logging infrastructure
        on initial login could cause a failing login attempt to
        result in a valid remote session. -- Reported by Tom Yu
  
  
  
 


Modified: rt/branches/3.3-TESTING/html/autohandler
==============================================================================
--- rt/branches/3.3-TESTING/html/autohandler	(original)
+++ rt/branches/3.3-TESTING/html/autohandler	Mon Dec 20 12:30:49 2004
@@ -187,8 +187,8 @@
     if (!$session{'CurrentUser'}->id() ||
         !$session{'CurrentUser'}->IsPassword($pass))
     {
-	$RT::Logger->error("FAILED LOGIN for $user from $ENV{'REMOTE_ADDR'}");
         delete $session{'CurrentUser'};
+	$RT::Logger->error("FAILED LOGIN for $user from $ENV{'REMOTE_ADDR'}");
         $m->comp('/Elements/Login', %ARGS,
                  Error => loc('Your username or password is incorrect'));
         $m->abort();
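
Review bot: the position of `delete $session{'CurrentUser'}` ahead of the `$RT::Logger->error(...)` call is now what keeps a failed login from leaving a user object in the session, but nothing in the code says so, and a later tidy-up could move the log line back to the top of the block. Add a comment above the `delete` stating that the session entry must be cleared before any call that can fail. If the logger can still die at this point, `$m->comp('/Elements/Login', ...)` and `$m->abort()` after it would not run, so consider wrapping the logging call in `eval { ... }` so the rejection path always completes. Separately, `$user` is interpolated into the log message as submitted; escaping or stripping newlines and control characters before logging would keep a crafted username from forging log entries. Minor style point: the moved line is tab-indented while its neighbours use spaces.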

