diff options
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-x | editusers.cgi | 78 |
1 files changed, 10 insertions, 68 deletions
diff --git a/editusers.cgi b/editusers.cgi index 5f356fb40..a1c82db9f 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -226,9 +226,6 @@ if ($action eq 'search') { my $otherUser = check_user($otherUserID, $otherUserLogin); $otherUserID = $otherUser->id; - my $logoutNeeded = 0; - my @changedFields; - # Lock tables during the check+update session. $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE', @@ -245,73 +242,19 @@ if ($action eq 'search') { action => "modify", object => "user"}); - my $login = $cgi->param('login'); - my $password = $cgi->param('password'); - my $realname = trim($cgi->param('name') || ''); - my $disabledtext = trim($cgi->param('disabledtext') || ''); - my $disable_mail = $cgi->param('disable_mail') ? 1 : 0; + $vars->{'loginold'} = $otherUser->login; # Update profiles table entry; silently skip doing this if the user # is not authorized. + my %changes; if ($editusers) { - my @values; - - if ($login ne $otherUser->login) { - # Validating untaints for us. - $login || ThrowUserError('user_login_required'); - validate_email_syntax($login) - || ThrowUserError('illegal_email_address', {addr => $login}); - is_available_username($login) - || ThrowUserError('account_exists', {email => $login}); - - push(@changedFields, 'login_name'); - push(@values, $login); - $logoutNeeded = 1; - - # Since we change the login, silently delete any tokens. - $dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID); - } - if ($realname ne $otherUser->name) { - # The real name may be anything; we use a placeholder for our - # INSERT, and we rely on displaying code to FILTER html. - trick_taint($realname); - push(@changedFields, 'realname'); - push(@values, $realname); - } - if ($password) { - # Validating untaints for us. - validate_password($password) if $password; - push(@changedFields, 'cryptpassword'); - push(@values, bz_crypt($password)); - $logoutNeeded = 1; - } - if ($disabledtext ne $otherUser->disabledtext) { - # The disable text may be anything; we use a placeholder for our - # INSERT, and we rely on displaying code to FILTER html. - trick_taint($disabledtext); - push(@changedFields, 'disabledtext'); - push(@values, $disabledtext); - $logoutNeeded = 1; - } - if ($disable_mail != $otherUser->email_disabled) { - push(@changedFields, 'disable_mail'); - push(@values, $disable_mail); - } - if (@changedFields) { - push (@values, $otherUserID); - $logoutNeeded && Bugzilla->logout_user($otherUser); - $dbh->do('UPDATE profiles SET ' . - join(' = ?,', @changedFields).' = ? ' . - 'WHERE userid = ?', - undef, @values); - # XXX: should create profiles_activity entries. - # - # We create a new user object here because it needs to - # read information that may have changed since this - # script started. - my $newprofile = new Bugzilla::User($otherUserID); - $newprofile->derive_regexp_groups(); - } + $otherUser->set_login($cgi->param('login')); + $otherUser->set_name($cgi->param('name')); + $otherUser->set_password($cgi->param('password')) + if $cgi->param('password'); + $otherUser->set_disabledtext($cgi->param('disabledtext')); + $otherUser->set_disable_mail($cgi->param('disable_mail')); + %changes = %{$otherUser->update()}; } # Update group settings. @@ -399,8 +342,7 @@ if ($action eq 'search') { delete_token($token); $vars->{'message'} = 'account_updated'; - $vars->{'loginold'} = $otherUser->login; - $vars->{'changed_fields'} = \@changedFields; + $vars->{'changed_fields'} = [keys %changes]; $vars->{'groups_added_to'} = \@groupsAddedTo; $vars->{'groups_removed_from'} = \@groupsRemovedFrom; $vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless; |