authorDave Lawrence <dlawrence@mozilla.com>2013-10-16 18:27:00 +0200
committerDave Lawrence <dlawrence@mozilla.com>2013-10-16 18:27:00 +0200
commit6f5ed9c78eda6cbe6cf743ddacc82a6f9fccdf15 (patch)
tree7f42d99d68c2bf7649e3ac8f1474c5bb9ef07761 /token.cgi
parent60343369b4f0cdcc758e8776839014ffcf8fcfb5 (diff)
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi2
1 files changed, 1 insertions, 1 deletions
diff --git a/token.cgi b/token.cgi
index ae9800d72..901094be4 100755
--- a/token.cgi
+++ b/token.cgi
@@ -69,7 +69,7 @@ if ($token) {
# Make sure the token exists in the database.
my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens
WHERE token = ?', undef, $token);
- (defined $db_token && $db_token eq $token && $tokentype)
+ (defined $db_token && $db_token eq $token)
|| ThrowUserError("token_does_not_exist");
# Make sure the token is the correct type for the action being taken.
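Review bot: The `$db_token eq $token` comparison on the new line has no comment explaining why it follows `WHERE token = ?`, so it reads as redundant and a later cleanup could remove the only exact, case-sensitive check on this path. Going by the commit title, MySQL matches tokens case-insensitively, so I would add above it `# The SQL match can be case-insensitive (MySQL); require an exact match in Perl.` Dropping `&& $tokentype` also means a row whose tokentype is NULL or empty now passes this existence check. The type checks that follow are outside this hunk and should be confirmed to reject an undefined `$tokentype` rather than compare against it. The enclosing `if ($token)` block starts and ends outside the hunk.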