author | karl%kornel.name <> | 2005-12-14 05:03:13 +0100 |
---|---|---|
committer | karl%kornel.name <> | 2005-12-14 05:03:13 +0100 |
commit | 80d6208e79656bacaecfd1f9683dcc978ea967cc (patch) | |
tree | 562d5ded0a643c04170a5c8506ad59e84c5ad562 | |
parent | ae887eab29d3f2a665e6b188d3cb834825daa57c (diff) | |
Bug 313679: Changing email address in sudo mode logs user in as
impersonated user - Patch by A. Karl Kornel <karl@kornel.name>
r=wurblzap a=justdave
-rwxr-xr-x | userprefs.cgi | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 24c9136f4..a5590e4eb 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -420,9 +420,11 @@ sub SaveSavedSearches {
 my $cgi = Bugzilla->cgi;
 # This script needs direct access to the username and password CGI variables,
-# so we save them before their removal in Bugzilla->login
+# so we save them before their removal in Bugzilla->login, and delete them
+# prior to login if we might possibly be in an sudo session.
 my $bugzilla_login = $cgi->param('Bugzilla_login');
 my $bugzilla_password = $cgi->param('Bugzilla_password');
+$cgi->delete('Bugzilla_login', 'Bugzilla_password') if ($cgi->cookie('sudo'));
 Bugzilla->login(LOGIN_REQUIRED);
 $cgi->param('Bugzilla_login', $bugzilla_login); |
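Review bot: The guard on the added `$cgi->delete(...)` line tests the truthiness of a client-supplied `sudo` cookie before any authentication has run, so a cookie whose value is `0` or empty skips the deletion; if Bugzilla->login (not visible here) recognises a sudo session by the cookie merely being defined, the two checks can disagree and the credential parameters would still reach login. Testing definedness keeps the guard at least as broad as the login code: `$cgi->delete('Bugzilla_login', 'Bugzilla_password') if defined $cgi->cookie('sudo');`. The comment above it would also benefit from stating that the cookie is unvalidated at this point and that the check is deliberately over-inclusive. These are top-level statements that continue past the hunk, where the restored password is presumably checked; it is worth confirming that in a sudo session that check is made against the real (sudoing) account rather than the impersonated one.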