Bug 670669 - Changing the e-mail address under account prefs does not require current password if can_change_password is false

r=dkl, a=simon
author: Simon Green <mail@simon.green> 2015-08-23 07:33:45 +0200
committer: Simon Green <mail@simon.green> 2015-08-23 07:33:45 +0200
commit: 19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d (patch)
tree: b12118c4f37e76ffee72e0053619d47ff35b1885 /token.cgi
parent: d3a74a9278457522a6361492fe49e9f984b04a5e (diff)
download: bugzilla-19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d.tar.gz
bugzilla-19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d.tar.xz
1 files changed, 1 insertions, 4 deletions
diff --git a/token.cgi b/token.cgi
index 830ecfccb..eba336d98 100755
--- a/token.cgi
+++ b/token.cgi
@@ -210,14 +210,11 @@ sub changeEmail {
     $dbh->bz_start_transaction();
     
     my $user = Bugzilla::User->check({ id => $userid });
-    my $realpassword = $user->cryptpassword;
     my $cgipassword  = $cgi->param('password');
 
     # Make sure the user who wants to change the email address
     # is the real account owner.
-    if (bz_crypt($cgipassword, $realpassword) ne $realpassword) {
-        ThrowUserError("old_password_incorrect");
-    }
+    $user->check_current_password($cgipassword);
 
     # The new email address should be available as this was 
     # confirmed initially so cancel token if it is not still available
author	Simon Green <mail@simon.green>	2015-08-23 07:33:45 +0200
committer	Simon Green <mail@simon.green>	2015-08-23 07:33:45 +0200
commit	19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d (patch)
tree	b12118c4f37e76ffee72e0053619d47ff35b1885 /token.cgi
parent	d3a74a9278457522a6361492fe49e9f984b04a5e (diff)
download	bugzilla-19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d.tar.gz bugzilla-19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d.tar.xz