author | lpsolit%gmail.com <> | 2005-07-28 05:15:37 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-07-28 05:15:37 +0200 |
commit | 7ee5da70ab0a97bd1a03ad9ac32fee10de64226b (patch) | |
tree | 2c22e5c6e35578377722dfde3e804b832422855c | |
parent | 528e2c8f615ceef3b65632a3ca105084245e79e9 (diff) | |
Bug 292059: No locking in createaccount.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=myk
-rwxr-xr-x | createaccount.cgi | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/createaccount.cgi b/createaccount.cgi
index d42ed76ec..337f89d0a 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -30,22 +30,24 @@ use lib qw(.);
 require "CGI.pl";
+use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::User;
 use Bugzilla::BugMail;
 use Bugzilla::Util;
 # Shut up misguided -w warnings about "used only once":
-use vars qw(
- $template
- $vars
-);
+use vars qw($template $vars);
 # Just in case someone already has an account, let them get the correct footer
-# on an error message. The user is logged out just before the account is
+# on an error message. The user is logged out just after the account is
 # actually created.
 Bugzilla->login(LOGIN_OPTIONAL);
+my $dbh = Bugzilla->dbh;
+my $cgi = Bugzilla->cgi;
+print $cgi->header();
+
 # If we're using LDAP for login, then we can't create a new account here.
 unless (Bugzilla::Auth->can_edit('new')) {
 ThrowUserError("auth_cant_create_account");
@@ -56,9 +58,6 @@ unless ($createexp) {
 ThrowUserError("account_creation_disabled");
 }
-my $cgi = Bugzilla->cgi;
-print $cgi->header();
-
 my $login = $cgi->param('login');
 if (defined($login)) {
@@ -66,9 +65,12 @@ if (defined($login)) {
 my $realname = trim($cgi->param('realname'));
 check_email_syntax($login);
 $vars->{'login'} = $login;
-
+
+ $dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
+
 if (!is_available_username($login)) {
- # Account already exists
+ # Account already exists
+ $dbh->bz_unlock_tables();
 $template->process("account/exists.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
 exit;
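Review bot: The `$dbh->bz_lock_tables(...)` call added ahead of the `is_available_username($login)` check has no comment saying what it protects, and the lock set (`profiles WRITE`, `email_setting WRITE`, `tokens READ`) is not self-explanatory from the surrounding lines. A why-comment would stop a later edit from moving the check back outside the locked region, for example `# Hold the lock across the availability check and the insert so that two concurrent requests cannot both pass the check for the same login.` That reading is inferred from the commit title and the placement of the calls, so adjust the wording if the intent differs. The enclosing `if (defined($login))` block starts before this hunk and continues past it.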
@@ -78,11 +80,14 @@ if (defined($login)) {
 ThrowUserError("account_creation_disabled");
 }
+ # Create account
+ my $password = insert_new_user($login, $realname);
+
+ $dbh->bz_unlock_tables();
+
 # Clear out the login cookies in case the user is currently logged in.
 Bugzilla->logout();
- # Create account
- my $password = insert_new_user($login, $realname);
 Bugzilla::BugMail::MailPassword($login, $password);
 $template->process("account/created.html.tmpl", $vars) |
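Review bot: The `ThrowUserError("account_creation_disabled");` kept as context at the top of this hunk is reached after the `$dbh->bz_lock_tables(...)` call added in the previous hunk, and no `bz_unlock_tables()` precedes it, unlike the account-exists path. Its guarding condition lies outside the hunk, and whether ThrowUserError releases table locks itself is not visible here, so this needs confirming. If it does not, a rejected login exits while still holding write locks on `profiles` and `email_setting`, and under a persistent interpreter that could stall other account operations. Either add `$dbh->bz_unlock_tables();` just before that throw or move the check above the lock so the locked region has no early-exit path.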