Commit d825a0d1 authored by bbaetz%acm.org's avatar bbaetz%acm.org

Bug 496856 - Fix token.cgi transaction handling

parent 1666c5a7
...@@ -274,12 +274,13 @@ sub changeEmail { ...@@ -274,12 +274,13 @@ sub changeEmail {
$dbh->do('DELETE FROM tokens WHERE token = ?', undef, $token); $dbh->do('DELETE FROM tokens WHERE token = ?', undef, $token);
$dbh->do(q{DELETE FROM tokens WHERE userid = ? $dbh->do(q{DELETE FROM tokens WHERE userid = ?
AND tokentype = 'emailnew'}, undef, $userid); AND tokentype = 'emailnew'}, undef, $userid);
$dbh->bz_commit_transaction();
# The email address has been changed, so we need to rederive the groups # The email address has been changed, so we need to rederive the groups
my $user = new Bugzilla::User($userid); my $user = new Bugzilla::User($userid);
$user->derive_regexp_groups; $user->derive_regexp_groups;
$dbh->bz_commit_transaction();
# Return HTTP response headers. # Return HTTP response headers.
print $cgi->header(); print $cgi->header();
...@@ -295,6 +296,8 @@ sub cancelChangeEmail { ...@@ -295,6 +296,8 @@ sub cancelChangeEmail {
my $token = shift; my $token = shift;
my $dbh = Bugzilla->dbh; my $dbh = Bugzilla->dbh;
$dbh->bz_begin_transaction();
# Get the user's ID from the tokens table. # Get the user's ID from the tokens table.
my ($userid, $tokentype, $eventdata) = $dbh->selectrow_array( my ($userid, $tokentype, $eventdata) = $dbh->selectrow_array(
q{SELECT userid, tokentype, eventdata FROM tokens q{SELECT userid, tokentype, eventdata FROM tokens
...@@ -310,16 +313,15 @@ sub cancelChangeEmail { ...@@ -310,16 +313,15 @@ sub cancelChangeEmail {
# check to see if it has been altered # check to see if it has been altered
if($actualemail ne $old_email) { if($actualemail ne $old_email) {
# XXX - This is NOT safe - if A has change to B, another profile
# could have grabbed A's username in the meantime.
# The DB constraint will catch this, though
$dbh->do(q{UPDATE profiles $dbh->do(q{UPDATE profiles
SET login_name = ? SET login_name = ?
WHERE userid = ?}, WHERE userid = ?},
undef, ($old_email, $userid)); undef, ($old_email, $userid));
# email has changed, so rederive groups # email has changed, so rederive groups
# Note that this is done _after_ the tables are unlocked
# This is sort of a race condition (given the lack of transactions)
# but the user had access to it just now, so it's not a security
# issue
my $user = new Bugzilla::User($userid); my $user = new Bugzilla::User($userid);
$user->derive_regexp_groups; $user->derive_regexp_groups;
...@@ -339,6 +341,8 @@ sub cancelChangeEmail { ...@@ -339,6 +341,8 @@ sub cancelChangeEmail {
AND tokentype = 'emailold' OR tokentype = 'emailnew'}, AND tokentype = 'emailold' OR tokentype = 'emailnew'},
undef, $userid); undef, $userid);
$dbh->bz_commit_transaction();
# Return HTTP response headers. # Return HTTP response headers.
print $cgi->header(); print $cgi->header();
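Review bot: In the last hunk of cancelChangeEmail, the DELETE that now runs just before `bz_commit_transaction()` filters with `AND tokentype = 'emailold' OR tokentype = 'emailnew'`; because AND binds tighter than OR, the `emailnew` arm is not restricted by the condition that precedes it. The start of the statement is outside the hunk, but the single `$userid` bind suggests it begins with `WHERE userid = ?`, in which case cancelling one user's change would also delete every other user's pending `emailnew` token. Parenthesise the alternatives, `AND (tokentype = 'emailold' OR tokentype = 'emailnew')`, or write `AND tokentype IN ('emailold', 'emailnew')`, so the delete stays per-user like the one in changeEmail. The body of cancelChangeEmail begins and ends outside the visible hunks.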
......