Item544: REMOTE_USER could occlude login manager. FSA problem.

git-svn-id: http://svn.foswiki.org/trunk@1518 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Dec 22, 2008 · afeeb54 · afeeb54
1 parent 672d87f
commit afeeb54
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/core/lib/Foswiki/LoginManager.pm b/core/lib/Foswiki/LoginManager.pm
@@ -109,7 +109,7 @@ sub makeLoginManager {
     }
     else {
 
-        # Rename from old "Client" to new "LoginManager" - see Bugs:Item3375
+        # Rename from old "Client" to new "LoginManager" - see TWikibug:Item3375
         $Foswiki::cfg{LoginManager} =~ s/::Client::/::LoginManager::/;
         my $loginManager = $Foswiki::cfg{LoginManager};
         if ( $session->inContext('sudo_login') )

diff --git a/core/lib/Foswiki/UI.pm b/core/lib/Foswiki/UI.pm
@@ -135,7 +135,8 @@ sub execute {
 
     my $cache = $req->param('foswiki_redirect_cache');
 
-# Never trust input data from a query. We will only accept an MD5 32 character string
+    # Never trust input data from a query. We will only accept
+    # an MD5 32 character string
     if ( $cache && $cache =~ /^([a-f0-9]{32})$/ ) {
         $cache = $1;
 
@@ -164,7 +165,9 @@ sub execute {
         }
     }
 
-    my $session = new Foswiki( $req->remoteUser, $req, \%initialContext );
+    # DO NOT pass in $req->remoteUser here (even though it appears to be right)
+    # because it may occlude the login manager.
+    my $session = new Foswiki( undef, $req, \%initialContext );
     my $res = $session->{response};
 
     unless ( defined $session->{response}->status()