comparison MoinMoin/request/__init__.py @ 2369:ccf996479233

fix a suid bug: force switched-to user valid
author Johannes Berg <johannes AT sipsolutions DOT net>
date Thu, 12 Jul 2007 11:41:35 +0200
parents 39d11cf4af6c
children 609ef7393a14
comparison
equal deleted inserted replaced
2368:5fc0717a060f 2369:ccf996479233
238 # might have lost the permission between requests 238 # might have lost the permission between requests
239 if 'setuid' in self.session and self.user.isSuperUser(): 239 if 'setuid' in self.session and self.user.isSuperUser():
240 self._setuid_real_user = self.user 240 self._setuid_real_user = self.user
241 uid = self.session['setuid'] 241 uid = self.session['setuid']
242 self.user = user.User(self, uid, auth_method='setuid') 242 self.user = user.User(self, uid, auth_method='setuid')
243 self.user.disabled = False 243 # set valid to True so superusers can even switch
244 # to disable accounts
245 self.user.valid = True
244 246
245 if self.action != 'xmlrpc': 247 if self.action != 'xmlrpc':
246 if not self.forbidden and self.isForbidden(): 248 if not self.forbidden and self.isForbidden():
247 self.makeForbidden403() 249 self.makeForbidden403()
248 if not self.forbidden and self.surge_protect(): 250 if not self.forbidden and self.surge_protect():