diff options
author | lpsolit%gmail.com <> | 2005-12-21 07:25:57 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2005-12-21 07:25:57 +0100 |
commit | a2a422ca3f0edf77f6aafd064b4e00a5883bb1b8 (patch) | |
tree | 2d50c5c1c790991ae4598d622b8de80f5825510d | |
parent | 77788555fd12b38f7db7022f84ed4f5eb17f5301 (diff) | |
download | bugzilla-a2a422ca3f0edf77f6aafd064b4e00a5883bb1b8.tar.gz bugzilla-a2a422ca3f0edf77f6aafd064b4e00a5883bb1b8.tar.xz |
Bug 287741: changing password from 'password' to 'password' should not invalidate login cookies - Patch by Marc Schumann <wurblzap@gmail.com> r=LpSolit a=justdave
-rwxr-xr-x | userprefs.cgi | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index df2255ce4..3dc68121e 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -97,16 +97,18 @@ sub SaveAccount { $cgi->param('new_password1') || ThrowUserError("new_password_missing"); ValidatePassword($pwd1, $pwd2); - - my $cryptedpassword = bz_crypt($pwd1); - trick_taint($cryptedpassword); # Only used in a placeholder - $dbh->do(q{UPDATE profiles - SET cryptpassword = ? - WHERE userid = ?}, - undef, ($cryptedpassword, $user->id)); - - # Invalidate all logins except for the current one - Bugzilla->logout(LOGOUT_KEEP_CURRENT); + + if ($cgi->param('Bugzilla_password') ne $pwd1) { + my $cryptedpassword = bz_crypt($pwd1); + trick_taint($cryptedpassword); # Only used in a placeholder + $dbh->do(q{UPDATE profiles + SET cryptpassword = ? + WHERE userid = ?}, + undef, ($cryptedpassword, $user->id)); + + # Invalidate all logins except for the current one + Bugzilla->logout(LOGOUT_KEEP_CURRENT); + } } } |