Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
bugzilla
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Ivan Ivlev
bugzilla
Commits
d825a0d1
Commit
d825a0d1
authored
Jun 10, 2009
by
bbaetz%acm.org
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bug 496856 - Fix token.cgi transaction handling
parent
1666c5a7
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
9 additions
and
5 deletions
+9
-5
token.cgi
token.cgi
+9
-5
No files found.
token.cgi
View file @
d825a0d1
...
...
@@ -274,12 +274,13 @@ sub changeEmail {
$dbh
->
do
(
'DELETE FROM tokens WHERE token = ?'
,
undef
,
$token
);
$dbh
->
do
(
q{DELETE FROM tokens WHERE userid = ?
AND tokentype = 'emailnew'}
,
undef
,
$userid
);
$dbh
->
bz_commit_transaction
();
# The email address has been changed, so we need to rederive the groups
my
$user
=
new
Bugzilla::
User
(
$userid
);
$user
->
derive_regexp_groups
;
$dbh
->
bz_commit_transaction
();
# Return HTTP response headers.
print
$cgi
->
header
();
...
...
@@ -295,6 +296,8 @@ sub cancelChangeEmail {
my
$token
=
shift
;
my
$dbh
=
Bugzilla
->
dbh
;
$dbh
->
bz_begin_transaction
();
# Get the user's ID from the tokens table.
my
(
$userid
,
$tokentype
,
$eventdata
)
=
$dbh
->
selectrow_array
(
q{SELECT userid, tokentype, eventdata FROM tokens
...
...
@@ -310,16 +313,15 @@ sub cancelChangeEmail {
# check to see if it has been altered
if
(
$actualemail
ne
$old_email
)
{
# XXX - This is NOT safe - if A has change to B, another profile
# could have grabbed A's username in the meantime.
# The DB constraint will catch this, though
$dbh
->
do
(
q{UPDATE profiles
SET login_name = ?
WHERE userid = ?}
,
undef
,
(
$old_email
,
$userid
));
# email has changed, so rederive groups
# Note that this is done _after_ the tables are unlocked
# This is sort of a race condition (given the lack of transactions)
# but the user had access to it just now, so it's not a security
# issue
my
$user
=
new
Bugzilla::
User
(
$userid
);
$user
->
derive_regexp_groups
;
...
...
@@ -339,6 +341,8 @@ sub cancelChangeEmail {
AND tokentype = 'emailold' OR tokentype = 'emailnew'}
,
undef
,
$userid
);
$dbh
->
bz_commit_transaction
();
# Return HTTP response headers.
print
$cgi
->
header
();
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
