diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2015-02-17 21:35:28 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-02-17 21:35:28 +0100 |
| commit | c473640f869a5ec5e59aa9136b2f054c76a31220 (patch) | |
| tree | 192366302db1f0a0d5b112ba4c670ad59caec39f /relogin.cgi | |
| parent | b4c5ed1af358ce52e9c1413ead836e4a371094d0 (diff) | |
| download | bugs-c473640f869a5ec5e59aa9136b2f054c76a31220.tar bugs-c473640f869a5ec5e59aa9136b2f054c76a31220.tar.gz bugs-c473640f869a5ec5e59aa9136b2f054c76a31220.tar.bz2 bugs-c473640f869a5ec5e59aa9136b2f054c76a31220.tar.xz bugs-c473640f869a5ec5e59aa9136b2f054c76a31220.zip | |
Bug 1132887: When starting a sudo session, the password is not validated
r=dkl a=glob
Diffstat (limited to 'relogin.cgi')
| -rwxr-xr-x | relogin.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/relogin.cgi b/relogin.cgi index 6f0c970f1..c4aae8d0b 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -64,6 +64,9 @@ elsif ($action eq 'prepare-sudo') { -httponly => 1, %args); + # The user ID must not be set when generating the token, because + # that information will not be available when validating it. + local Bugzilla->user->{userid} = 0; $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]); } |