From c473640f869a5ec5e59aa9136b2f054c76a31220 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Buclin?= <LpSolit@gmail.com>
Date: Tue, 17 Feb 2015 21:35:28 +0100
Subject: [PATCH] Bug 1132887: When starting a sudo session, the password is
 not validated r=dkl a=glob

---
 relogin.cgi | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/relogin.cgi b/relogin.cgi
index 6f0c970f1f..c4aae8d0ba 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -64,6 +64,9 @@ elsif ($action eq 'prepare-sudo') {
                           -httponly => 1,
                           %args);
 
+        # The user ID must not be set when generating the token, because
+        # that information will not be available when validating it.
+        local Bugzilla->user->{userid} = 0;
         $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]);
     }
 
-- 
2.47.2