summaryrefslogtreecommitdiffstats
path: root/userprefs.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2005-12-21 07:25:57 +0100
committerlpsolit%gmail.com <>2005-12-21 07:25:57 +0100
commita2a422ca3f0edf77f6aafd064b4e00a5883bb1b8 (patch)
tree2d50c5c1c790991ae4598d622b8de80f5825510d /userprefs.cgi
parent77788555fd12b38f7db7022f84ed4f5eb17f5301 (diff)
downloadbugzilla-a2a422ca3f0edf77f6aafd064b4e00a5883bb1b8.tar.gz
bugzilla-a2a422ca3f0edf77f6aafd064b4e00a5883bb1b8.tar.xz
Bug 287741: changing password from 'password' to 'password' should not invalidate login cookies - Patch by Marc Schumann <wurblzap@gmail.com> r=LpSolit a=justdave
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi22
1 files changed, 12 insertions, 10 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index df2255ce4..3dc68121e 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -97,16 +97,18 @@ sub SaveAccount {
$cgi->param('new_password1')
|| ThrowUserError("new_password_missing");
ValidatePassword($pwd1, $pwd2);
-
- my $cryptedpassword = bz_crypt($pwd1);
- trick_taint($cryptedpassword); # Only used in a placeholder
- $dbh->do(q{UPDATE profiles
- SET cryptpassword = ?
- WHERE userid = ?},
- undef, ($cryptedpassword, $user->id));
-
- # Invalidate all logins except for the current one
- Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+
+ if ($cgi->param('Bugzilla_password') ne $pwd1) {
+ my $cryptedpassword = bz_crypt($pwd1);
+ trick_taint($cryptedpassword); # Only used in a placeholder
+ $dbh->do(q{UPDATE profiles
+ SET cryptpassword = ?
+ WHERE userid = ?},
+ undef, ($cryptedpassword, $user->id));
+
+ # Invalidate all logins except for the current one
+ Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+ }
}
}
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-04-27 09:51:36 +0200