From: Frédéric Buclin Date: Tue, 17 Feb 2015 20:36:30 +0000 (+0100) Subject: Bug 1132887: When starting a sudo session, the password is not validated X-Git-Tag: bugzilla-4.4.9~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a18f0f31e71cadbef4a83138b55ff42db85643d;p=thirdparty%2Fbugzilla.git Bug 1132887: When starting a sudo session, the password is not validated r=dkl a=glob --- diff --git a/relogin.cgi b/relogin.cgi index 337d1b2082..b86463bb8e 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -61,6 +61,9 @@ elsif ($action eq 'prepare-sudo') { -httponly => 1, %args); + # The user ID must not be set when generating the token, because + # that information will not be available when validating it. + local Bugzilla->user->{userid} = 0; $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]); }
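Review bot: The added `local Bugzilla->user->{userid} = 0;` just before the `issue_hash_token(['login_request', $value])` call overrides a field inside the user object's hash directly, so the token now depends on an implicit coupling between this caller and whatever `issue_hash_token` reads from the current user. The new comment explains why the ID must be unset but does not say where the matching validation happens; naming that code path in the comment would let a later reader confirm that both sides stay in sync. If `issue_hash_token` can be given the user context explicitly, that would be preferable to mutating `Bugzilla->user`; otherwise keep the `local` scoped as tightly as it is here, ending with the block that closes right after the call. The commit subject describes a password that is not validated, while the hunk only changes token generation, so a regression test that starts a sudo session and checks the password validation path would tie the two together.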