author | Byron Jones <glob@mozilla.com> | 2015-07-29 08:40:39 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-07-29 08:40:39 +0200 |
commit | ec79818e62f5b052334db07ad964c408fef1e1f0 (patch) | |
tree | ef12f1e268fb46f02ada8379180f1ef101a169d3 /userprefs.cgi | |
parent | b5ae6badff13e5ae8848a05af16186890ddc4191 (diff) | |
download | bugzilla-ec79818e62f5b052334db07ad964c408fef1e1f0.tar.gz bugzilla-ec79818e62f5b052334db07ad964c408fef1e1f0.tar.xz |
Bug 1188374 - account disabling lacks csrf protection
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-x | userprefs.cgi | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 2814e578c..8f18de8c4 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -615,6 +615,7 @@ Bugzilla->login(LOGIN_REQUIRED);
 my $save_changes = $cgi->param('dosave');
 $vars->{'changes_saved'} = $save_changes;
+my $disable_account = $cgi->param('account_disable');
 my $current_tab_name = $cgi->param('tab') || "account";
@@ -624,7 +625,7 @@ trick_taint($current_tab_name);
 $vars->{'current_tab_name'} = $current_tab_name;
 my $token = $cgi->param('token');
-check_token_data($token, 'edit_user_prefs') if $save_changes;
+check_token_data($token, 'edit_user_prefs') if $save_changes || $disable_account;
 # Do any saving, and then display the current tab.
 SWITCH: for ($current_tab_name) {
@@ -639,7 +640,7 @@ SWITCH: for ($current_tab_name) {
 last SWITCH if $handled;
 /^account$/ && do {
- # XXX DisableAccount() if $cgi->param('account_disable');
+ DisableAccount() if $disable_account;
 SaveAccount() if $save_changes;
 DoAccount();
 last SWITCH; |
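Review bot: The guard on the `check_token_data` line is an opt-in list of action parameters, so the next state-changing action added to this page stays outside the CSRF check until someone extends the condition. A comment above it would make that contract explicit, e.g. `# CSRF: every parameter that triggers a state change below must appear in this condition.` Any later statement in the file that is still keyed on `$save_changes` alone (for example retiring the token after use, which is not visible in this hunk) should be compared against the same condition. These are top-level script statements, so the surrounding code continues outside the hunk.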
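Review bot: In the `/^account$/` branch `DisableAccount()` runs for any request that carries a truthy `account_disable` and a valid token, whatever the HTTP method, so the action also works from a GET whose URL holds the token, and URLs tend to end up in server logs and Referer headers. If the account form submits by POST (the template is not shown here), the call could be limited to that method: `DisableAccount() if $disable_account && $cgi->request_method eq 'POST';`. The call is also placed before `SaveAccount()`; whether `DisableAccount()` ends the request is not visible here, and if it returns, a save would then proceed on an account that was just disabled. The SWITCH block starts and ends outside the hunk.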