summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2015-02-17 21:32:32 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2015-02-17 21:32:32 +0100
commit10aa3f02a861c50fc89867dfb04cab72de14922f (patch)
tree2c474a62058d617e92b4915693220a486767151f
parent9f76caa9e3493c2df055bed736463659770c0798 (diff)
downloadbugzilla-10aa3f02a861c50fc89867dfb04cab72de14922f.tar.gz
bugzilla-10aa3f02a861c50fc89867dfb04cab72de14922f.tar.xz
Bug 1132887: When starting a sudo session, the password is not validated
r=dkl a=glob
-rwxr-xr-xrelogin.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/relogin.cgi b/relogin.cgi
index 6f0c970f1..c4aae8d0b 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -64,6 +64,9 @@ elsif ($action eq 'prepare-sudo') {
-httponly => 1,
%args);
+ # The user ID must not be set when generating the token, because
+ # that information will not be available when validating it.
+ local Bugzilla->user->{userid} = 0;
$vars->{'login_request_token'} = issue_hash_token(['login_request', $value]);
}