summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkarl%kornel.name <>2005-12-14 05:03:13 +0100
committerkarl%kornel.name <>2005-12-14 05:03:13 +0100
commit80d6208e79656bacaecfd1f9683dcc978ea967cc (patch)
tree562d5ded0a643c04170a5c8506ad59e84c5ad562
parentae887eab29d3f2a665e6b188d3cb834825daa57c (diff)
downloadbugzilla-80d6208e79656bacaecfd1f9683dcc978ea967cc.tar.gz
bugzilla-80d6208e79656bacaecfd1f9683dcc978ea967cc.tar.xz
Bug 313679: Changing email address in sudo mode logs user in as
impersonated user - Patch by A. Karl Kornel <karl@kornel.name> r=wurblzap a=justdave
-rwxr-xr-xuserprefs.cgi4
1 files changed, 3 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 24c9136f4..a5590e4eb 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -420,9 +420,11 @@ sub SaveSavedSearches {
my $cgi = Bugzilla->cgi;
# This script needs direct access to the username and password CGI variables,
-# so we save them before their removal in Bugzilla->login
+# so we save them before their removal in Bugzilla->login, and delete them
+# prior to login if we might possibly be in an sudo session.
my $bugzilla_login = $cgi->param('Bugzilla_login');
my $bugzilla_password = $cgi->param('Bugzilla_password');
+$cgi->delete('Bugzilla_login', 'Bugzilla_password') if ($cgi->cookie('sudo'));
Bugzilla->login(LOGIN_REQUIRED);
$cgi->param('Bugzilla_login', $bugzilla_login);