diff options
author | lpsolit%gmail.com <> | 2007-07-14 05:48:28 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2007-07-14 05:48:28 +0200 |
commit | 08789f365c3c495b805aef082f20e1a99cf9eca5 (patch) | |
tree | 406a1f2509b884ef2793a1d84150ffb89b89637b | |
parent | 88bf1df40e30b2d534e55593bfc3dc85c9b5c3f8 (diff) | |
download | bugzilla-08789f365c3c495b805aef082f20e1a99cf9eca5.tar.gz bugzilla-08789f365c3c495b805aef082f20e1a99cf9eca5.tar.xz |
Bug 381738: SaveAccount() in userprefs.cgi doesn't check Bugzilla->user->authorizer->can_change_{password|email} - Patch by Tiago R. Mello <timello@gmail.com> r/a=LpSolit
-rwxr-xr-x | userprefs.cgi | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index 8f94809cb..1ad7f906e 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -82,8 +82,8 @@ sub SaveAccount { my $pwd1 = $cgi->param('new_password1'); my $pwd2 = $cgi->param('new_password2'); - if ($cgi->param('Bugzilla_password') ne "" || - $pwd1 ne "" || $pwd2 ne "") + if ($user->authorizer->can_change_password + && ($cgi->param('Bugzilla_password') ne "" || $pwd1 ne "" || $pwd2 ne "")) { my ($oldcryptedpwd) = $dbh->selectrow_array( q{SELECT cryptpassword FROM profiles WHERE userid = ?}, @@ -115,7 +115,10 @@ sub SaveAccount { } } - if(Bugzilla->params->{"allowemailchange"} && $cgi->param('new_login_name')) { + if ($user->authorizer->can_change_email + && Bugzilla->params->{"allowemailchange"} + && $cgi->param('new_login_name')) + { my $old_login_name = $cgi->param('Bugzilla_login'); my $new_login_name = trim($cgi->param('new_login_name')); |