[bugzilla-gnome-org-upstream/4.4] Bug 1132887: When starting a sudo session, the password is not validated r=dkl a=glob

From: Andrea Veri <av src gnome org>
To: commits-list gnome org
Cc:
Subject: [bugzilla-gnome-org-upstream/4.4] Bug 1132887: When starting a sudo session, the password is not validated r=dkl a=glob
Date: Tue, 21 Apr 2015 12:45:54 +0000 (UTC)

commit 0a18f0f31e71cadbef4a83138b55ff42db85643d
Author: Frédéric Buclin <LpSolit gmail com>
Date:   Tue Feb 17 21:36:30 2015 +0100

    Bug 1132887: When starting a sudo session, the password is not validated
    r=dkl a=glob

 relogin.cgi |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/relogin.cgi b/relogin.cgi
index 337d1b2..b86463b 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -61,6 +61,9 @@ elsif ($action eq 'prepare-sudo') {
                           -httponly => 1,
                           %args);
 
+        # The user ID must not be set when generating the token, because
+        # that information will not be available when validating it.
+        local Bugzilla->user->{userid} = 0;
         $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]);
     }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]