summaryrefslogtreecommitdiffstats
path: root/token.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'token.cgi')
-rwxr-xr-xtoken.cgi20
1 files changed, 12 insertions, 8 deletions
diff --git a/token.cgi b/token.cgi
index 9cfe37b57..51ed93977 100755
--- a/token.cgi
+++ b/token.cgi
@@ -118,11 +118,13 @@ if ( $action eq 'reqpw' ) {
my $password;
if ( $action eq 'chgpw' ) {
$password = $cgi->param('password');
- defined $password
- && defined $cgi->param('matchpassword')
- || ThrowUserError("require_new_password");
+ my $matchpassword = $cgi->param('matchpassword');
+ ThrowUserError("require_new_password")
+ unless defined $password && defined $matchpassword;
+
+ Bugzilla->assert_password_is_secure($password);
+ Bugzilla->assert_passwords_match($password, $matchpassword);
- validate_password($password, $cgi->param('matchpassword'));
# Make sure that these never show up in the UI under any circumstances.
$cgi->delete('password', 'matchpassword');
}
@@ -391,15 +393,17 @@ sub confirm_create_account {
Bugzilla->user->check_account_creation_enabled;
my (undef, undef, $login_name) = Bugzilla::Token::GetTokenData($token);
- my $password = $cgi->param('passwd1') || '';
- validate_password($password, $cgi->param('passwd2') || '');
+ my $password1 = $cgi->param('passwd1');
+ my $password2 = $cgi->param('passwd2');
# Make sure that these never show up anywhere in the UI.
$cgi->delete('passwd1', 'passwd2');
+ Bugzilla->assert_password_is_secure($password1);
+ Bugzilla->assert_passwords_match($password1, $password2);
my $otheruser = Bugzilla::User->create({
login_name => $login_name,
realname => scalar $cgi->param('realname'),
- cryptpassword => $password});
+ cryptpassword => $password1});
# Now delete this token.
delete_token($token);
@@ -410,7 +414,7 @@ sub confirm_create_account {
# Log in the new user using credentials he just gave.
$cgi->param('Bugzilla_login', $otheruser->login);
- $cgi->param('Bugzilla_password', $password);
+ $cgi->param('Bugzilla_password', $password1);
Bugzilla->login(LOGIN_OPTIONAL);
print $cgi->header();