From 7291a312332e4fac7ac61288f33a001d4a7b306c Mon Sep 17 00:00:00 2001 From: Kyle M Hall Date: Wed, 20 Mar 2024 15:32:50 -0400 Subject: [PATCH] Bug 36378: Cannot stay logged in if AutoLocation is enabled but branch ip is not set correctly We can get into a scenario what a user cannot stay logged in for more than a single page load. If AutoLocation is enabled with branch IP addresses being set to a space, you will be logged out with every page load. Test Plan: 1) Set your branch ip to a space 2) Enable AutoLocation 3) Restart all the things! 4) Log out 5) Log in 6) Browse to another page 7) You are logged out 8) Apply patch 9) Repeat 1-6 10) You are not logged out! Signed-off-by: Andrew Fuerste Henry Signed-off-by: Martin Renvoize Signed-off-by: Katrin Fischer --- C4/Auth.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/C4/Auth.pm b/C4/Auth.pm index e3478ea691..608650937f 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -1220,6 +1220,7 @@ sub checkauth { # we have to check they are coming from the right ip range my $domain = $branches->{$branchcode}->{'branchip'}; $domain =~ s|\.\*||g; + $domain =~ s/\s+//g; if ( $ip !~ /^$domain/ ) { $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie( -name => 'CGISESSID', -- 2.39.5