From ef279711cea60d1ee999a6b74a6d5f0fa8552cf4 Mon Sep 17 00:00:00 2001
From: Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
Date: Mon, 28 May 2012 15:44:28 +0200
Subject: Bug 355596: Your password should be requested to confirm your email
 address change r/a=LpSolit

---
 template/en/default/account/email/confirm.html.tmpl |  6 +++---
 template/en/default/global/user-error.html.tmpl     |  4 ++--
 token.cgi                                           | 16 +++++++++++-----
 3 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/template/en/default/account/email/confirm.html.tmpl b/template/en/default/account/email/confirm.html.tmpl
index c990e043c..5b547782d 100644
--- a/template/en/default/account/email/confirm.html.tmpl
+++ b/template/en/default/account/email/confirm.html.tmpl
@@ -14,7 +14,7 @@
 [% PROCESS global/header.html.tmpl %]
 
 <p>
-  To change your email address, please enter the old email address:
+  To change your email address, please enter your current password:
 </p>
 
 <form method="post" action="token.cgi">
@@ -22,8 +22,8 @@
   <input type="hidden" name="a" value="chgem">
   <table>
     <tr>
-      <th align="right">Old Email Address:</th>
-      <td><input type="text" name="email" size="36"></td>
+      <th align="right">Password:</th>
+      <td><input type="password" name="password" size="36"></td>
     </tr>
     <tr>
       <th align="right">&nbsp;</th>
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 5d862aa9f..a580fdfde 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1299,8 +1299,8 @@
     [% END %]
 
   [% ELSIF error == "old_password_incorrect" %]
-    [% title = "Incorrect Old Password" %]
-    You did not enter your old password correctly.
+    [% title = "Incorrect Password" %]
+    You did not enter your current password correctly.
 
   [% ELSIF error == "old_password_required" %]
     [% title = "Old Password Required" %]
diff --git a/token.cgi b/token.cgi
index 9a6a0de88..d5ebad78d 100755
--- a/token.cgi
+++ b/token.cgi
@@ -195,10 +195,18 @@ sub changeEmail {
     my $dbh = Bugzilla->dbh;
     my ($old_email, $new_email) = split(/:/,$eventdata);
 
-    # Check the user entered the correct old email address
-    if (lc($cgi->param('email')) ne lc($old_email)) {
-        ThrowUserError("email_confirmation_failed");
+    $dbh->bz_start_transaction();
+    
+    my $user = Bugzilla::User->check({ id => $userid });
+    my $realpassword = $user->cryptpassword;
+    my $cgipassword  = $cgi->param('password');
+
+    # Make sure the user who wants to change the email address
+    # is the real account owner.
+    if (bz_crypt($cgipassword, $realpassword) ne $realpassword) {
+        ThrowUserError("old_password_incorrect");
     }
+
     # The new email address should be available as this was 
     # confirmed initially so cancel token if it is not still available
     if (! is_available_username($new_email,$old_email)) {
@@ -207,8 +215,6 @@ sub changeEmail {
         ThrowUserError("account_exists", { email => $new_email } );
     } 
 
-    $dbh->bz_start_transaction();
-    my $user = Bugzilla::User->check({ id => $userid });
     # Update the user's login name in the profiles table.
     $user->set_login($new_email);
     $user->update({ keep_session => 1, keep_tokens => 1 });
-- 
cgit v1.2.3-24-g4f1b