From dd7eacbef2571efe55e5b18d80e93837dc6619d1 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 17 Aug 2011 14:54:44 +0200
Subject: Bug 677522: IssueEmailChangeToken() should get the old login name
 from the user object r=timello a=LpSolit

---
 Bugzilla/Token.pm | 8 ++++----
 userprefs.cgi     | 7 ++-----
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index c339c5984..86220aa29 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -92,8 +92,9 @@ sub issue_new_user_account_token {
 }
 
 sub IssueEmailChangeToken {
-    my ($user, $old_email, $new_email) = @_;
+    my ($user, $new_email) = @_;
     my $email_suffix = Bugzilla->params->{'emailsuffix'};
+    my $old_email = $user->login;
 
     my ($token, $token_ts) = _create_token($user->id, 'emailold', $old_email . ":" . $new_email);
 
@@ -447,7 +448,7 @@ Bugzilla::Token - Provides different routines to manage tokens.
     use Bugzilla::Token;
 
     Bugzilla::Token::issue_new_user_account_token($login_name);
-    Bugzilla::Token::IssueEmailChangeToken($user, $old_email, $new_email);
+    Bugzilla::Token::IssueEmailChangeToken($user, $new_email);
     Bugzilla::Token::IssuePasswordToken($user);
     Bugzilla::Token::DeletePasswordTokens($user_id, $reason);
     Bugzilla::Token::Cancel($token, $cancelaction, $vars);
@@ -478,7 +479,7 @@ Bugzilla::Token - Provides different routines to manage tokens.
  Returns:     Nothing. It throws an error if the same user made the same
               request in the last few minutes.
 
-=item C<sub IssueEmailChangeToken($user, $old_email, $new_email)>
+=item C<sub IssueEmailChangeToken($user, $new_email)>
 
  Description: Sends two distinct tokens per email to the old and new email
               addresses to confirm the email address change for the given
@@ -486,7 +487,6 @@ Bugzilla::Token - Provides different routines to manage tokens.
 
  Params:      $user      - User object of the user requesting a new
                            email address.
-              $old_email - The current (old) email address of the user.
               $new_email - The new email address of the user.
 
  Returns:     Nothing.
diff --git a/userprefs.cgi b/userprefs.cgi
index f411326a2..94fe1def2 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -84,8 +84,6 @@ sub SaveAccount {
     my $oldpassword = $cgi->param('old_password');
     my $pwd1 = $cgi->param('new_password1');
     my $pwd2 = $cgi->param('new_password2');
-
-    my $old_login_name = $user->login;
     my $new_login_name = trim($cgi->param('new_login_name'));
 
     if ($user->authorizer->can_change_password
@@ -119,7 +117,7 @@ sub SaveAccount {
         && Bugzilla->params->{"allowemailchange"}
         && $new_login_name)
     {
-        if ($old_login_name ne $new_login_name) {
+        if ($user->login ne $new_login_name) {
             $oldpassword || ThrowUserError("old_password_required");
 
             # Block multiple email changes for the same user.
@@ -133,8 +131,7 @@ sub SaveAccount {
             is_available_username($new_login_name)
               || ThrowUserError("account_exists", {email => $new_login_name});
 
-            Bugzilla::Token::IssueEmailChangeToken($user, $old_login_name,
-                                                   $new_login_name);
+            Bugzilla::Token::IssueEmailChangeToken($user, $new_login_name);
 
             $vars->{'email_changes_saved'} = 1;
         }
-- 
cgit v1.2.3-24-g4f1b