From 1e68fe1e5c78228ca82ff6b41176de59e6ba0a4c Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Fri, 25 Aug 2006 15:33:19 +0000 Subject: Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi line 270 - Patch by Frédéric Buclin r=kevin.benton a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- editusers.cgi | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'editusers.cgi') diff --git a/editusers.cgi b/editusers.cgi index caea2186b..0ce3a95ce 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -195,7 +195,7 @@ if ($action eq 'search') { my $password = $cgi->param('password'); my $realname = trim($cgi->param('name') || ''); my $disabledtext = trim($cgi->param('disabledtext') || ''); - my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0; + my $disable_mail = $cgi->param('disable_mail') ? 1 : 0; # Lock tables during the check+creation session. $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE', @@ -235,7 +235,6 @@ if ($action eq 'search') { } elsif ($action eq 'update') { my $otherUser = check_user($otherUserID, $otherUserLogin); $otherUserID = $otherUser->id; - my $oldprofile = new Bugzilla::User($otherUserID); my $logoutNeeded = 0; my @changedFields; @@ -256,25 +255,18 @@ if ($action eq 'search') { action => "modify", object => "user"}); - # Cleanups - my $loginold = $cgi->param('loginold') || ''; - my $realnameold = $cgi->param('nameold') || ''; - my $disabledtextold = $cgi->param('disabledtextold') || ''; - my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ? - $1 : $oldprofile->email_disabled; - my $login = $cgi->param('login'); my $password = $cgi->param('password'); my $realname = trim($cgi->param('name') || ''); my $disabledtext = trim($cgi->param('disabledtext') || ''); - my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0; + my $disable_mail = $cgi->param('disable_mail') ? 1 : 0; # Update profiles table entry; silently skip doing this if the user # is not authorized. if ($editusers) { my @values; - if ($login ne $loginold) { + if ($login ne $otherUser->login) { # Validate, then trick_taint. $login || ThrowUserError('user_login_required'); validate_email_syntax($login) @@ -290,7 +282,7 @@ if ($action eq 'search') { # Since we change the login, silently delete any tokens. $dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID); } - if ($realname ne $realnameold) { + if ($realname ne $otherUser->name) { # The real name may be anything; we use a placeholder for our # INSERT, and we rely on displaying code to FILTER html. trick_taint($realname); @@ -305,7 +297,7 @@ if ($action eq 'search') { push(@values, bz_crypt($password)); $logoutNeeded = 1; } - if ($disabledtext ne $disabledtextold) { + if ($disabledtext ne $otherUser->disabledtext) { # The disable text may be anything; we use a placeholder for our # INSERT, and we rely on displaying code to FILTER html. trick_taint($disabledtext); @@ -313,7 +305,7 @@ if ($action eq 'search') { push(@values, $disabledtext); $logoutNeeded = 1; } - if ($disable_mail != $disable_mail_old) { + if ($disable_mail != $otherUser->email_disabled) { trick_taint($disable_mail); push(@changedFields, 'disable_mail'); push(@values, $disable_mail); @@ -419,7 +411,7 @@ if ($action eq 'search') { userDataToVars($otherUserID); $vars->{'message'} = 'account_updated'; - $vars->{'loginold'} = $loginold; + $vars->{'loginold'} = $otherUser->login; $vars->{'changed_fields'} = \@changedFields; $vars->{'groups_added_to'} = \@groupsAddedTo; $vars->{'groups_removed_from'} = \@groupsRemovedFrom; -- cgit v1.2.3-24-g4f1b