From a220304a8d354603e0c5c67b8eadf9fe0cc223bf Mon Sep 17 00:00:00 2001 From: Duncan Tyler Date: Wed, 21 Dec 2011 14:59:21 +1300 Subject: [PATCH] Bug 6627 [Signed Off] - Update to improve security in specified log files - bug 6627 Signed-off-by: Liz Rea Verified sessionlog file is not written to /tmp when patch is applied. Also verified original bug - logging in did in fact log to /tmp. Signed-off-by: Paul Poulain (cherry picked from commit 00290e86197bbd0129a4fc943a957f823235210d) Signed-off-by: Chris Nighswonger --- C4/Auth.pm | 8 ++++---- C4/Print.pm | 10 +++++++++- installer/InstallAuth.pm | 3 ++- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index e360e1085b..bbe472bf8b 100755 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -703,7 +703,7 @@ sub checkauth { $session->flush; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime)); + #_session_log(sprintf "%20s from %16s logged out at %30s (manually).\n", $userid,$ip,(strftime "%c",localtime)); $sessionID = undef; $userid = undef; @@ -716,7 +716,7 @@ sub checkauth { $info{'timed_out'} = 1; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime)); + #_session_log(sprintf "%20s from %16s logged out at %30s (inactivity).\n", $userid,$ip,(strftime "%c",localtime)); $userid = undef; $sessionID = undef; } @@ -727,7 +727,7 @@ sub checkauth { $info{'different_ip'} = 1; $session->delete(); C4::Context->_unset_userenv($sessionID); - _session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'}); + #_session_log(sprintf "%20s from %16s logged out at %30s (ip changed to %16s).\n", $userid,$ip,(strftime "%c",localtime), $info{'newip'}); $sessionID = undef; $userid = undef; } @@ -765,7 +765,7 @@ sub checkauth { $userid = $retuserid if ($retuserid ne ''); } if ($return) { - _session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); + #_session_log(sprintf "%20s from %16s logged in at %30s.\n", $userid,$ENV{'REMOTE_ADDR'},(strftime '%c', localtime)); if ( $flags = haspermission( $userid, $flagsrequired ) ) { $loggedin = 1; } diff --git a/C4/Print.pm b/C4/Print.pm index 2ba7584d2b..f8108161c2 100644 --- a/C4/Print.pm +++ b/C4/Print.pm @@ -79,7 +79,8 @@ sub remoteprint ($$) { # to have spaces in them). Or perhaps if $queue eq "" and # $env->{file} ne "", then that should mean "print to $env->{file}". if ( $queue eq "" || $queue eq 'nulllp' ) { - open( PRINTER, ">/tmp/kohaiss" ); + return; + #open( PRINTER, ">/tmp/kohaiss" ); } else { @@ -125,6 +126,10 @@ sub remoteprint ($$) { } sub printreserve { + + # FIXME - make useful + return; + my ( $branchname, $bordata, $itemdata ) = @_; my $printer = ''; (return) unless ( C4::Context->boolean_preference('printreserveslips') ); @@ -175,6 +180,9 @@ print a slip for the given $borrowernumber #' sub printslip ($) { + + #FIXME - make useful + my $borrowernumber = shift; my $borrower = GetMemberDetails($borrowernumber); my $issueslist = GetPendingIssues($borrowernumber); diff --git a/installer/InstallAuth.pm b/installer/InstallAuth.pm index 10cbea3f3c..ccdcbcb10d 100644 --- a/installer/InstallAuth.pm +++ b/installer/InstallAuth.pm @@ -274,7 +274,8 @@ sub checkauth { C4::Context->_unset_userenv($sessionID); $sessionID = undef; $userid = undef; - open L, ">>/tmp/sessionlog"; + # Commented out due to its lack of usefulness + # open L, ">>/tmp/sessionlog"; my $time = localtime( time() ); printf L "%20s from %16s logged out at %30s (manually).\n", $userid, $ip, $time; -- 2.39.5