Commit 7ee5da70 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 292059: No locking in createaccount.cgi - Patch by Frédéric Buclin…

Bug 292059: No locking in createaccount.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=myk
parent 528e2c8f
...@@ -30,22 +30,24 @@ use lib qw(.); ...@@ -30,22 +30,24 @@ use lib qw(.);
require "CGI.pl"; require "CGI.pl";
use Bugzilla;
use Bugzilla::Constants; use Bugzilla::Constants;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::BugMail; use Bugzilla::BugMail;
use Bugzilla::Util; use Bugzilla::Util;
# Shut up misguided -w warnings about "used only once": # Shut up misguided -w warnings about "used only once":
use vars qw( use vars qw($template $vars);
$template
$vars
);
# Just in case someone already has an account, let them get the correct footer # Just in case someone already has an account, let them get the correct footer
# on an error message. The user is logged out just before the account is # on an error message. The user is logged out just after the account is
# actually created. # actually created.
Bugzilla->login(LOGIN_OPTIONAL); Bugzilla->login(LOGIN_OPTIONAL);
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
print $cgi->header();
# If we're using LDAP for login, then we can't create a new account here. # If we're using LDAP for login, then we can't create a new account here.
unless (Bugzilla::Auth->can_edit('new')) { unless (Bugzilla::Auth->can_edit('new')) {
ThrowUserError("auth_cant_create_account"); ThrowUserError("auth_cant_create_account");
...@@ -56,9 +58,6 @@ unless ($createexp) { ...@@ -56,9 +58,6 @@ unless ($createexp) {
ThrowUserError("account_creation_disabled"); ThrowUserError("account_creation_disabled");
} }
my $cgi = Bugzilla->cgi;
print $cgi->header();
my $login = $cgi->param('login'); my $login = $cgi->param('login');
if (defined($login)) { if (defined($login)) {
...@@ -66,9 +65,12 @@ if (defined($login)) { ...@@ -66,9 +65,12 @@ if (defined($login)) {
my $realname = trim($cgi->param('realname')); my $realname = trim($cgi->param('realname'));
check_email_syntax($login); check_email_syntax($login);
$vars->{'login'} = $login; $vars->{'login'} = $login;
$dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
if (!is_available_username($login)) { if (!is_available_username($login)) {
# Account already exists # Account already exists
$dbh->bz_unlock_tables();
$template->process("account/exists.html.tmpl", $vars) $template->process("account/exists.html.tmpl", $vars)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());
exit; exit;
...@@ -78,11 +80,14 @@ if (defined($login)) { ...@@ -78,11 +80,14 @@ if (defined($login)) {
ThrowUserError("account_creation_disabled"); ThrowUserError("account_creation_disabled");
} }
# Create account
my $password = insert_new_user($login, $realname);
$dbh->bz_unlock_tables();
# Clear out the login cookies in case the user is currently logged in. # Clear out the login cookies in case the user is currently logged in.
Bugzilla->logout(); Bugzilla->logout();
# Create account
my $password = insert_new_user($login, $realname);
Bugzilla::BugMail::MailPassword($login, $password); Bugzilla::BugMail::MailPassword($login, $password);
$template->process("account/created.html.tmpl", $vars) $template->process("account/created.html.tmpl", $vars)
......
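Review bot: The `ThrowUserError("account_creation_disabled")` shown as context at the top of the last hunk appears to run after the new `bz_lock_tables` call and before any `bz_unlock_tables`, so that exit path would leave `profiles` and `email_setting` write-locked until the database connection is torn down; the lines between the two hunks are not visible, so this is inferred from the surrounding block. The account-exists branch releases the lock before rendering its template, and this branch should match it with `$dbh->bz_unlock_tables();` ahead of the throw, or the check should move above the lock if it does not need the database. The same concern applies if `insert_new_user` dies while the lock is held. A comment on the lock line, for example `# Hold the lock so the availability check and the insert cannot race with a concurrent signup`, would also record why these three tables are listed.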