authorFrédéric Buclin <LpSolit@gmail.com>2011-12-28 23:11:44 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-12-28 23:11:44 +0100
commit2d792a108434d9ea59ebf75ae09fb69cbab6fb71 (patch)
tree3da27d1b0158d793d42cf87bb3fd479de558b525 /token.cgi
parentf8813fc6a94b4e8e6d5e77009458ed8cb5a856c7 (diff)
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
r=glob a=LpSolit
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi4
1 files changed, 4 insertions, 0 deletions
diff --git a/token.cgi b/token.cgi
index c43acdbfd..048670a1c 100755
--- a/token.cgi
+++ b/token.cgi
@@ -298,6 +298,8 @@ sub cancelChangeEmail {
sub request_create_account {
my ($date, $login_name, $token) = @_;
+ Bugzilla->user->check_account_creation_enabled;
+
$vars->{'token'} = $token;
$vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
$vars->{'expiration_ts'} = ctime(str2time($date) + MAX_TOKEN_AGE * 86400);
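Review bot: The new `Bugzilla->user->check_account_creation_enabled;` call at the top of request_create_account carries no explanation of why the check is repeated here when the caller that issued the token presumably already gated on it; a maintainer could later drop it as redundant. A one-line comment above it would pin the rationale, e.g. `# Re-check here: the token may have been issued by a path that did not enforce user_can_create_account (see bug 711714).` The same applies to the identical call added in confirm_create_account in the next hunk. Placing the check before any `$vars` are populated is the right order, since nothing token-specific is rendered if it fails; whether the method dies or returns a status is not visible in this hunk and is worth confirming against its definition. The body of request_create_account continues past the end of the hunk.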
@@ -310,6 +312,8 @@ sub request_create_account {
sub confirm_create_account {
my ($login_name, $token) = @_;
+ Bugzilla->user->check_account_creation_enabled;
+
my $password = $cgi->param('passwd1') || '';
validate_password($password, $cgi->param('passwd2') || '');
# Make sure that these never show up anywhere in the UI.