From 80d6208e79656bacaecfd1f9683dcc978ea967cc Mon Sep 17 00:00:00 2001 From: "karl%kornel.name" <> Date: Wed, 14 Dec 2005 04:03:13 +0000 Subject: Bug 313679: Changing email address in sudo mode logs user in as impersonated user - Patch by A. Karl Kornel r=wurblzap a=justdave --- userprefs.cgi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'userprefs.cgi') diff --git a/userprefs.cgi b/userprefs.cgi index 24c9136f4..a5590e4eb 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -420,9 +420,11 @@ sub SaveSavedSearches { my $cgi = Bugzilla->cgi; # This script needs direct access to the username and password CGI variables, -# so we save them before their removal in Bugzilla->login +# so we save them before their removal in Bugzilla->login, and delete them +# prior to login if we might possibly be in an sudo session. my $bugzilla_login = $cgi->param('Bugzilla_login'); my $bugzilla_password = $cgi->param('Bugzilla_password'); +$cgi->delete('Bugzilla_login', 'Bugzilla_password') if ($cgi->cookie('sudo')); Bugzilla->login(LOGIN_REQUIRED); $cgi->param('Bugzilla_login', $bugzilla_login); -- cgit v1.2.1