summaryrefslogtreecommitdiffstats
path: root/token.cgi
diff options
context:
space:
mode:
authorwurblzap%gmail.com <>2006-10-21 03:52:24 +0200
committerwurblzap%gmail.com <>2006-10-21 03:52:24 +0200
commitea2d2a47281ac947297587c2619df190bf3c23c4 (patch)
tree61367f4bdb2fa5d419a0aedd29e675b5801c3d83 /token.cgi
parentc2f38f17cfa3aad8a13ee6eb02944b52d9e79037 (diff)
downloadbugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.gz
bugzilla-ea2d2a47281ac947297587c2619df190bf3c23c4.tar.xz
Bug 340538: Insecure dependency in exec while running with -T switch at /usr/lib/perl5/site_perl/5.8.6/Mail/Mailer/sendmail.pm line 16.
Patch by Marc Schumann <wurblzap@gmail.com>, r=LpSolit, a=myk
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi40
1 files changed, 20 insertions, 20 deletions
diff --git a/token.cgi b/token.cgi
index 282d2fcbb..e45f49fba 100755
--- a/token.cgi
+++ b/token.cgi
@@ -64,9 +64,8 @@ if ($cgi->param('t')) {
$::token = $cgi->param('t');
# Make sure the token contains only valid characters in the right amount.
- # Validate password will throw an error if token is invalid
+ # validate_password will throw an error if token is invalid
validate_password($::token);
- trick_taint($::token); # Only used in placeholders
Bugzilla::Token::CleanTokenTable();
@@ -102,8 +101,10 @@ if ($cgi->param('t')) {
# If the user is requesting a password change, make sure they submitted
# their login name and it exists in the database, and that the DB module is in
# the list of allowed verification methods.
+my $login_name;
if ( $::action eq 'reqpw' ) {
- defined $cgi->param('loginname')
+ $login_name = $cgi->param('loginname');
+ defined $login_name
|| ThrowUserError("login_needed_for_password_change");
# check verification methods
@@ -111,27 +112,25 @@ if ( $::action eq 'reqpw' ) {
ThrowUserError("password_change_requests_not_allowed");
}
- # Make sure the login name looks like an email address.
- validate_email_syntax($cgi->param('loginname'))
- || ThrowUserError('illegal_email_address',
- {addr => $cgi->param('loginname')});
+ validate_email_syntax($login_name)
+ || ThrowUserError('illegal_email_address', {addr => $login_name});
- my $loginname = $cgi->param('loginname');
- trick_taint($loginname); # Used only in a placeholder
my ($user_id) = $dbh->selectrow_array('SELECT userid FROM profiles WHERE ' .
$dbh->sql_istrcmp('login_name', '?'),
- undef, $loginname);
+ undef, $login_name);
$user_id || ThrowUserError("account_inexistent");
}
# If the user is changing their password, make sure they submitted a new
# password and that the new password is valid.
+my $password;
if ( $::action eq 'chgpw' ) {
- defined $cgi->param('password')
+ $password = $cgi->param('password');
+ defined $password
&& defined $cgi->param('matchpassword')
|| ThrowUserError("require_new_password");
- validate_password($cgi->param('password'), $cgi->param('matchpassword'));
+ validate_password($password, $cgi->param('matchpassword'));
}
################################################################################
@@ -143,13 +142,13 @@ if ( $::action eq 'chgpw' ) {
# that variable and runs the appropriate code.
if ($::action eq 'reqpw') {
- requestChangePassword();
+ requestChangePassword($login_name);
} elsif ($::action eq 'cfmpw') {
confirmChangePassword();
} elsif ($::action eq 'cxlpw') {
cancelChangePassword();
} elsif ($::action eq 'chgpw') {
- changePassword();
+ changePassword($password);
} elsif ($::action eq 'cfmem') {
confirmChangeEmail();
} elsif ($::action eq 'cxlem') {
@@ -176,7 +175,8 @@ exit;
################################################################################
sub requestChangePassword {
- Bugzilla::Token::IssuePasswordToken($cgi->param('loginname'));
+ my ($login_name) = @_;
+ Bugzilla::Token::IssuePasswordToken($login_name);
$vars->{'message'} = "password_change_request";
@@ -203,11 +203,11 @@ sub cancelChangePassword {
}
sub changePassword {
+ my ($password) = @_;
my $dbh = Bugzilla->dbh;
# Create a crypted version of the new password
- my $cryptedpassword = bz_crypt($cgi->param('password'));
- trick_taint($cryptedpassword); # Used only in a placeholder
+ my $cryptedpassword = bz_crypt($password);
# Get the user's ID from the tokens table.
my ($userid) = $dbh->selectrow_array('SELECT userid FROM tokens
@@ -369,13 +369,13 @@ sub request_create_account {
sub confirm_create_account {
my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($::token);
- validate_password($cgi->param('passwd1') || '',
- $cgi->param('passwd2') || '');
+ my $password = $cgi->param('passwd1') || '';
+ validate_password($password, $cgi->param('passwd2') || '');
my $otheruser = Bugzilla::User->create({
login_name => $login_name,
realname => $cgi->param('realname'),
- cryptpassword => $cgi->param('passwd1')});
+ cryptpassword => $password});
# Now delete this token.
delete_token($::token);