authorlpsolit%gmail.com <>2007-07-14 05:48:28 +0200
committerlpsolit%gmail.com <>2007-07-14 05:48:28 +0200
commit08789f365c3c495b805aef082f20e1a99cf9eca5 (patch)
tree406a1f2509b884ef2793a1d84150ffb89b89637b
parent88bf1df40e30b2d534e55593bfc3dc85c9b5c3f8 (diff)
Bug 381738: SaveAccount() in userprefs.cgi doesn't check Bugzilla->user->authorizer->can_change_{password|email} - Patch by Tiago R. Mello <timello@gmail.com> r/a=LpSolit
-rwxr-xr-xuserprefs.cgi9
1 files changed, 6 insertions, 3 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 8f94809cb..1ad7f906e 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -82,8 +82,8 @@ sub SaveAccount {
my $pwd1 = $cgi->param('new_password1');
my $pwd2 = $cgi->param('new_password2');
- if ($cgi->param('Bugzilla_password') ne "" ||
- $pwd1 ne "" || $pwd2 ne "")
+ if ($user->authorizer->can_change_password
+ && ($cgi->param('Bugzilla_password') ne "" || $pwd1 ne "" || $pwd2 ne ""))
{
my ($oldcryptedpwd) = $dbh->selectrow_array(
q{SELECT cryptpassword FROM profiles WHERE userid = ?},
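Review bot: Gating the whole block on `can_change_password` also skips the `cryptpassword` lookup at the top of the block, which previously ran whenever `Bugzilla_password` alone was submitted. If that lookup feeds the check of the current password (the comparison itself is outside the hunk), an account whose authorizer allows email changes but not password changes could reach the email branch later in SaveAccount without its current password having been verified. Consider keeping the outer condition as it was and applying `$user->authorizer->can_change_password` only to the inner step that stores the new password, or verifying the current password before either branch. The block's body continues past the end of the hunk, so this needs confirming against the full function.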
@@ -115,7 +115,10 @@ sub SaveAccount {
}
}
- if(Bugzilla->params->{"allowemailchange"} && $cgi->param('new_login_name')) {
+ if ($user->authorizer->can_change_email
+ && Bugzilla->params->{"allowemailchange"}
+ && $cgi->param('new_login_name'))
+ {
my $old_login_name = $cgi->param('Bugzilla_login');
my $new_login_name = trim($cgi->param('new_login_name'));
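Review bot: A request that carries `new_login_name` while `can_change_email` is false now falls through this condition with no error, so the refusal is invisible to the submitter and indistinguishable from a normal save. If the preferences form hides the field in that case (not visible here), such a request is unexpected and is better rejected explicitly than ignored. A separate check before this `if` that throws a user error (tag `<ERROR_TAG_PLACEHOLDER>`) when the parameter is present but the authorizer disallows the change would do that. A one-line comment such as `# The login method must permit email changes, in addition to the site-wide allowemailchange setting.` would also explain why both conditions are needed. The body of this block continues outside the hunk.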