Bug 313679: Changing email address in sudo mode logs user in as

impersonated user - Patch by A. Karl Kornel <karl@kornel.name>
r=wurblzap a=justdave

diff --git a/userprefs.cgi b/userprefs.cgi
index 24c9136f435defae85e60a8d0dfc8ef5d3b4e1b0..a5590e4eb43dd67c1b0b4c8abd24470f1de8f47d 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -420,9 +420,11 @@ sub SaveSavedSearches {
 my $cgi = Bugzilla->cgi;
 
 # This script needs direct access to the username and password CGI variables,
-# so we save them before their removal in Bugzilla->login
+# so we save them before their removal in Bugzilla->login, and delete them 
+# prior to login if we might possibly be in an sudo session.
 my $bugzilla_login    = $cgi->param('Bugzilla_login');
 my $bugzilla_password = $cgi->param('Bugzilla_password');
+$cgi->delete('Bugzilla_login', 'Bugzilla_password') if ($cgi->cookie('sudo'));
 
 Bugzilla->login(LOGIN_REQUIRED);
 $cgi->param('Bugzilla_login', $bugzilla_login);