merged with bugzilla/4.2

author: Dave Lawrence <dlawrence@mozilla.com> 2013-10-17 15:57:57 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2013-10-17 15:57:57 +0200
commit: 62ae33ffa16c22e9705bd22e48fb8299225462f4 (patch)
tree: 0571fb266d0b0c619d9be2a8c2272d04afcce9a1 /token.cgi
parent: 2c257b0a104c1bb3483adfb0eacb792c528010e9 (diff)
parent: 7355bd53bc4b20e248550e5467142a79e9512fbc (diff)
download: bugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.gz
bugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/token.cgi b/token.cgi
index 20870159a..901094be4 100755
--- a/token.cgi
+++ b/token.cgi
@@ -67,9 +67,10 @@ if ($token) {
   trick_taint($token);
 
   # Make sure the token exists in the database.
-  my ($tokentype) = $dbh->selectrow_array('SELECT tokentype FROM tokens
-                                           WHERE token = ?', undef, $token);
-  $tokentype || ThrowUserError("token_does_not_exist");
+  my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens
+                                                       WHERE token = ?', undef, $token);
+  (defined $db_token && $db_token eq $token)
+    || ThrowUserError("token_does_not_exist");
 
   # Make sure the token is the correct type for the action being taken.
   if ( grep($action eq $_ , qw(cfmpw cxlpw chgpw)) && $tokentype ne 'password' ) {
author	Dave Lawrence <dlawrence@mozilla.com>	2013-10-17 15:57:57 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2013-10-17 15:57:57 +0200
commit	62ae33ffa16c22e9705bd22e48fb8299225462f4 (patch)
tree	0571fb266d0b0c619d9be2a8c2272d04afcce9a1 /token.cgi
parent	2c257b0a104c1bb3483adfb0eacb792c528010e9 (diff)
parent	7355bd53bc4b20e248550e5467142a79e9512fbc (diff)
download	bugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.gz bugzilla-62ae33ffa16c22e9705bd22e48fb8299225462f4.tar.xz