Item13079: Bootstrap doesn't gain admin rights.

If the user has a valid Foswiki session cookie, and the working/tmp/cgisess_ file exists, then the bootstrap process fails to set admin user, and runs as the current (stale) session user. When loading the user from the session cookie, detect that we are in bootstrap mode, and upgrade the session to admin.
foswiki · Nov 27, 2014 · 33484ea · 33484ea
1 parent b7af81e
commit 33484ea
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/core/lib/Foswiki/LoginManager.pm b/core/lib/Foswiki/LoginManager.pm
@@ -371,6 +371,17 @@ sub loadSession {
             _trace( $this, "AUTHUSER from session is $sessionUser" )
               if defined $sessionUser;
 
+    # If we are bootstrapping, and the defaultUser from Foswiki.pm is admin
+    # Then override the session user to become admin.   This gets around a stale
+    # browser cookie from blocking the bootstrap admin login.
+
+            $authUser = $defaultUser
+              if ( $Foswiki::cfg{isBOOTSTRAPPING}
+                && $defaultUser eq 'admin' );
+
+            _trace( $this, "AUTHUSER after BOOTSTRAP check is $authUser" )
+              if defined $authUser;
+
             # An admin user stored in the session can override the webserver
             # user; handy for sudo