diff options
-rwxr-xr-x | userprefs.cgi | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index e527b1489..1b6347456 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -32,8 +32,7 @@ sub DoAccount { my $dbh = Bugzilla->dbh; my $user = Bugzilla->user; - ($vars->{'realname'}) = $dbh->selectrow_array( - "SELECT realname FROM profiles WHERE userid = ?", undef, $user->id); + $vars->{'realname'} = $user->name; if (Bugzilla->params->{'allowemailchange'} && $user->authorizer->can_change_email) @@ -64,6 +63,9 @@ sub DoAccount { sub SaveAccount { my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; + + $dbh->bz_start_transaction; + my $user = Bugzilla->user; my $oldpassword = $cgi->param('old_password'); @@ -86,12 +88,7 @@ sub SaveAccount { validate_password($pwd1, $pwd2); if ($oldpassword ne $pwd1) { - my $cryptedpassword = bz_crypt($pwd1); - $dbh->do(q{UPDATE profiles - SET cryptpassword = ? - WHERE userid = ?}, - undef, ($cryptedpassword, $user->id)); - + $user->set_password($pwd1); # Invalidate all logins except for the current one Bugzilla->logout(LOGOUT_KEEP_CURRENT); } @@ -121,10 +118,9 @@ sub SaveAccount { } } - my $realname = trim($cgi->param('realname')); - trick_taint($realname); # Only used in a placeholder - $dbh->do("UPDATE profiles SET realname = ? WHERE userid = ?", - undef, ($realname, $user->id)); + $user->set_name($cgi->param('realname')); + $user->update({ keep_session => 1, keep_tokens => 1 }); + $dbh->bz_commit_transaction; } |