authorlpsolit%gmail.com <>2006-08-25 17:33:19 +0200
committerlpsolit%gmail.com <>2006-08-25 17:33:19 +0200
commit1e68fe1e5c78228ca82ff6b41176de59e6ba0a4c (patch)
treee1d52fdd8404de43b1c7d0a7cca52fd93e5fadd0 /editusers.cgi
parent9fd592efb1b68ed9c4aa1d47151cb8f32d88885f (diff)
Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi line 270 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kevin.benton a=myk
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi22
1 files changed, 7 insertions, 15 deletions
diff --git a/editusers.cgi b/editusers.cgi
index caea2186b..0ce3a95ce 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -195,7 +195,7 @@ if ($action eq 'search') {
my $password = $cgi->param('password');
my $realname = trim($cgi->param('name') || '');
my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+ my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
# Lock tables during the check+creation session.
$dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
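Review bot: The new `? 1 : 0` test on `disable_mail` accepts any true string, so a submitted value such as `no` or `false` now disables mail, where the old pattern accepted only `0` or `1` and fell back to 0. If only the checkbox value should count, `my $disable_mail = ($cgi->param('disable_mail') || '') eq '1' ? 1 : 0;` keeps the strict check and still avoids the uninitialized-value warning. Otherwise a comment such as `# Checkbox field: any true value disables mail.` would record that the widening is intended. The same line is changed in the update branch, in the `@@ -256,25 +255,18 @@` hunk.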
@@ -235,7 +235,6 @@ if ($action eq 'search') {
} elsif ($action eq 'update') {
my $otherUser = check_user($otherUserID, $otherUserLogin);
$otherUserID = $otherUser->id;
- my $oldprofile = new Bugzilla::User($otherUserID);
my $logoutNeeded = 0;
my @changedFields;
@@ -256,25 +255,18 @@ if ($action eq 'search') {
action => "modify",
object => "user"});
- # Cleanups
- my $loginold = $cgi->param('loginold') || '';
- my $realnameold = $cgi->param('nameold') || '';
- my $disabledtextold = $cgi->param('disabledtextold') || '';
- my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ?
- $1 : $oldprofile->email_disabled;
-
my $login = $cgi->param('login');
my $password = $cgi->param('password');
my $realname = trim($cgi->param('name') || '');
my $disabledtext = trim($cgi->param('disabledtext') || '');
- my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+ my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
# Update profiles table entry; silently skip doing this if the user
# is not authorized.
if ($editusers) {
my @values;
- if ($login ne $loginold) {
+ if ($login ne $otherUser->login) {
# Validate, then trick_taint.
$login || ThrowUserError('user_login_required');
validate_email_syntax($login)
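Review bot: `$login ne $otherUser->login` can still compare an undefined value, because `$login` is read with a bare `$cgi->param('login')` and a request without that field reaches the `ne` before the `$login || ThrowUserError(...)` check. That is the same uninitialized-value warning this commit fixes for `disable_mail`; `my $login = $cgi->param('login') || '';` would avoid it and still end in `user_login_required`. Taking the old values from `$otherUser` instead of the submitted `*old` fields also means change detection no longer depends on client-supplied data, which deserves a one-line comment above the `if ($editusers)` block. The `$otherUser->name` and `$otherUser->disabledtext` comparisons in the following hunks would warn the same way if those accessors can return undef, which is not visible here. The update branch starts and ends outside this hunk.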
@@ -290,7 +282,7 @@ if ($action eq 'search') {
# Since we change the login, silently delete any tokens.
$dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID);
}
- if ($realname ne $realnameold) {
+ if ($realname ne $otherUser->name) {
# The real name may be anything; we use a placeholder for our
# INSERT, and we rely on displaying code to FILTER html.
trick_taint($realname);
@@ -305,7 +297,7 @@ if ($action eq 'search') {
push(@values, bz_crypt($password));
$logoutNeeded = 1;
}
- if ($disabledtext ne $disabledtextold) {
+ if ($disabledtext ne $otherUser->disabledtext) {
# The disable text may be anything; we use a placeholder for our
# INSERT, and we rely on displaying code to FILTER html.
trick_taint($disabledtext);
@@ -313,7 +305,7 @@ if ($action eq 'search') {
push(@values, $disabledtext);
$logoutNeeded = 1;
}
- if ($disable_mail != $disable_mail_old) {
+ if ($disable_mail != $otherUser->email_disabled) {
trick_taint($disable_mail);
push(@changedFields, 'disable_mail');
push(@values, $disable_mail);
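Review bot: `trick_taint($disable_mail)` is no longer needed, since `$disable_mail` is now the literal 1 or 0 chosen by the ternary and Perl does not propagate taint from a ternary's condition to its result. Dropping the call, or replacing it with `# $disable_mail is a literal 0 or 1, never tainted`, leaves one fewer detaint bypass to audit in this block. The `!=` comparison also assumes `$otherUser->email_disabled` always returns a defined number; that accessor is outside the hunk, so this is worth confirming.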
@@ -419,7 +411,7 @@ if ($action eq 'search') {
userDataToVars($otherUserID);
$vars->{'message'} = 'account_updated';
- $vars->{'loginold'} = $loginold;
+ $vars->{'loginold'} = $otherUser->login;
$vars->{'changed_fields'} = \@changedFields;
$vars->{'groups_added_to'} = \@groupsAddedTo;
$vars->{'groups_removed_from'} = \@groupsRemovedFrom;
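Review bot: `$vars->{'loginold'}` now depends on `$otherUser` still holding the pre-update login at this point, which is not stated anywhere in the hunk. The object is loaded by `check_user()` before the UPDATE and nothing visible refreshes it, but `userDataToVars($otherUserID)` runs just above and its body is not shown. A comment such as `# $otherUser was loaded before the update, so this is the previous login.` would make the assumption explicit.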