From: karl%kornel.name <> Date: Wed, 14 Dec 2005 04:03:13 +0000 (+0000) Subject: Bug 313679: Changing email address in sudo mode logs user in as X-Git-Tag: bugzilla-2.22rc1~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80d6208e79656bacaecfd1f9683dcc978ea967cc;p=thirdparty%2Fbugzilla.git Bug 313679: Changing email address in sudo mode logs user in as impersonated user - Patch by A. Karl Kornel r=wurblzap a=justdave
---
diff --git a/userprefs.cgi b/userprefs.cgi
index 24c9136f43..a5590e4eb4 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -420,9 +420,11 @@ sub SaveSavedSearches {
 my $cgi = Bugzilla->cgi;
 # This script needs direct access to the username and password CGI variables,
-# so we save them before their removal in Bugzilla->login
+# so we save them before their removal in Bugzilla->login, and delete them
+# prior to login if we might possibly be in an sudo session.
 my $bugzilla_login = $cgi->param('Bugzilla_login');
 my $bugzilla_password = $cgi->param('Bugzilla_password');
+$cgi->delete('Bugzilla_login', 'Bugzilla_password') if ($cgi->cookie('sudo'));
 Bugzilla->login(LOGIN_REQUIRED);
 $cgi->param('Bugzilla_login', $bugzilla_login);
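Review bot: The added guard `if ($cgi->cookie('sudo'))` tests the cookie's value for truth, so a `sudo` cookie that is present but empty or `0` skips the deletion and the submitted credentials still reach `Bugzilla->login`. How `Bugzilla->login` itself recognises a sudo session is not visible here, so keying on presence is the safer default: `$cgi->delete('Bugzilla_login', 'Bugzilla_password') if defined $cgi->cookie('sudo');`. The saved values are also written back right after login (`$cgi->param('Bugzilla_login', $bugzilla_login);`), which means that in a sudo session they were never checked by the login code. The comment should say that, for example `# In a sudo session these values were not verified by Bugzilla->login; code below must validate them itself.` This statement run continues past the end of the hunk, so whether later code validates the password against the real user or the impersonated one cannot be confirmed from here.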