Bug 1132887: When starting a sudo session, the password is not validated

r=dkl a=glob
bugzilla · Feb 17, 2015 · 10aa3f0 · 10aa3f0
1 parent 9f76caa
commit 10aa3f0
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/relogin.cgi b/relogin.cgi
@@ -64,6 +64,9 @@ elsif ($action eq 'prepare-sudo') {
                           -httponly => 1,
                           %args);
 
+        # The user ID must not be set when generating the token, because
+        # that information will not be available when validating it.
+        local Bugzilla->user->{userid} = 0;
         $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]);
     }