diff options
| author | Byron Jones <glob@mozilla.com> | 2011-08-04 22:44:48 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-08-04 22:44:48 +0200 |
| commit | 75b2accb3ad0c02aff7d1c5925456040abb130a8 (patch) | |
| tree | f98d220551a6058093dff3a68759ea913215e5fb /userprefs.cgi | |
| parent | 818ad5e10408f6b513ac276f575bceb082401142 (diff) | |
| download | bugzilla-75b2accb3ad0c02aff7d1c5925456040abb130a8.tar.gz bugzilla-75b2accb3ad0c02aff7d1c5925456040abb130a8.tar.xz | |
Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiable field for obtaining current e-mail address
r/a=LpSolit
Diffstat (limited to 'userprefs.cgi')
| -rwxr-xr-x | userprefs.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index 009361324..f411326a2 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -85,7 +85,7 @@ sub SaveAccount { my $pwd1 = $cgi->param('new_password1'); my $pwd2 = $cgi->param('new_password2'); - my $old_login_name = $cgi->param('old_login'); + my $old_login_name = $user->login; my $new_login_name = trim($cgi->param('new_login_name')); if ($user->authorizer->can_change_password |