Skip to content

bugzilla
bugzilla
Commit 08789f36 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com
Browse files
Options

Bug 381738: SaveAccount() in userprefs.cgi doesn't check…

Bug 381738: SaveAccount() in userprefs.cgi doesn't check Bugzilla->user->authorizer->can_change_{password|email} - Patch by Tiago R. Mello <timello@gmail.com> r/a=LpSolit
parent 88bf1df4
Hide whitespace changes
Inline Side-by-side
Showing with 6 additions and 3 deletions
userprefs.cgi
View file @ 08789f36
...@@ -82,8 +82,8 @@ sub SaveAccount { ...@@ -82,8 +82,8 @@ sub SaveAccount {
my $pwd1 = $cgi->param('new_password1'); my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2'); my $pwd2 = $cgi->param('new_password2');
if ($cgi->param('Bugzilla_password') ne "" || if ($user->authorizer->can_change_password
$pwd1 ne "" || $pwd2 ne "") && ($cgi->param('Bugzilla_password') ne "" || $pwd1 ne "" || $pwd2 ne ""))
{ {
my ($oldcryptedpwd) = $dbh->selectrow_array( my ($oldcryptedpwd) = $dbh->selectrow_array(
q{SELECT cryptpassword FROM profiles WHERE userid = ?}, q{SELECT cryptpassword FROM profiles WHERE userid = ?},
...@@ -115,7 +115,10 @@ sub SaveAccount { ...@@ -115,7 +115,10 @@ sub SaveAccount {
} }
} }
if(Bugzilla->params->{"allowemailchange"} && $cgi->param('new_login_name')) { if ($user->authorizer->can_change_email
&& Bugzilla->params->{"allowemailchange"}
&& $cgi->param('new_login_name'))
{
my $old_login_name = $cgi->param('Bugzilla_login'); my $old_login_name = $cgi->param('Bugzilla_login');
my $new_login_name = trim($cgi->param('new_login_name')); my $new_login_name = trim($cgi->param('new_login_name'));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment