From 7ee5da70ab0a97bd1a03ad9ac32fee10de64226b Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Thu, 28 Jul 2005 03:15:37 +0000
Subject: Bug 292059: No locking in createaccount.cgi - Patch by Frédéric
 Buclin <LpSolit@gmail.com> r=wicked a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 createaccount.cgi | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'createaccount.cgi')

diff --git a/createaccount.cgi b/createaccount.cgi
index d42ed76ec..337f89d0a 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -30,22 +30,24 @@ use lib qw(.);
 
 require "CGI.pl";
 
+use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::User;
 use Bugzilla::BugMail;
 use Bugzilla::Util;
 
 # Shut up misguided -w warnings about "used only once":
-use vars qw(
-  $template
-  $vars
-);
+use vars qw($template $vars);
 
 # Just in case someone already has an account, let them get the correct footer
-# on an error message.  The user is logged out just before the account is
+# on an error message. The user is logged out just after the account is
 # actually created.
 Bugzilla->login(LOGIN_OPTIONAL);
 
+my $dbh = Bugzilla->dbh;
+my $cgi = Bugzilla->cgi;
+print $cgi->header();
+
 # If we're using LDAP for login, then we can't create a new account here.
 unless (Bugzilla::Auth->can_edit('new')) {
     ThrowUserError("auth_cant_create_account");
@@ -56,9 +58,6 @@ unless ($createexp) {
     ThrowUserError("account_creation_disabled");
 }
 
-my $cgi = Bugzilla->cgi;
-print $cgi->header();
-
 my $login = $cgi->param('login');
 
 if (defined($login)) {
@@ -66,9 +65,12 @@ if (defined($login)) {
     my $realname = trim($cgi->param('realname'));
     check_email_syntax($login);
     $vars->{'login'} = $login;
-    
+
+    $dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
+
     if (!is_available_username($login)) {
-        # Account already exists        
+        # Account already exists
+        $dbh->bz_unlock_tables();
         $template->process("account/exists.html.tmpl", $vars)
           || ThrowTemplateError($template->error());
         exit;
@@ -78,11 +80,14 @@ if (defined($login)) {
         ThrowUserError("account_creation_disabled");
     }
     
+    # Create account
+    my $password = insert_new_user($login, $realname);
+
+    $dbh->bz_unlock_tables();
+
     # Clear out the login cookies in case the user is currently logged in.
     Bugzilla->logout();
 
-    # Create account
-    my $password = insert_new_user($login, $realname);
     Bugzilla::BugMail::MailPassword($login, $password);
     
     $template->process("account/created.html.tmpl", $vars)
-- 
cgit v1.2.3-24-g4f1b