From 19d20ef6c3b76145e2ea0ebf96a7519eda3bf64d Mon Sep 17 00:00:00 2001
From: Simon Green
Date: Sun, 23 Aug 2015 01:33:45 -0400
Subject: Bug 670669 - Changing the e-mail address under account prefs does not require current password if can_change_password is false r=dkl, a=simon
---
 token.cgi | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
(limited to 'token.cgi')
diff --git a/token.cgi b/token.cgi
index 830ecfccb..eba336d98 100755
--- a/token.cgi
+++ b/token.cgi
@@ -210,14 +210,11 @@ sub changeEmail {
 $dbh->bz_start_transaction();
 my $user = Bugzilla::User->check({ id => $userid });
- my $realpassword = $user->cryptpassword;
 my $cgipassword = $cgi->param('password');
 # Make sure the user who wants to change the email address
 # is the real account owner.
- if (bz_crypt($cgipassword, $realpassword) ne $realpassword) {
- ThrowUserError("old_password_incorrect");
- }
+ $user->check_current_password($cgipassword);
 # The new email address should be available as this was
 # confirmed initially so cancel token if it is not still available
--
cgit v1.2.3-24-g4f1b
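Review bot: The re-authentication in changeEmail now rests entirely on `check_current_password` throwing, because its return value is discarded at the added line and nothing else in the hunk stops the e-mail change. The helper's body is not shown in this patch view, so confirm that it rejects an undefined or empty value (which `$cgi->param('password')` yields when the field is absent) and that it fails closed for accounts with no locally stored password hash. I would state that contract at the call site, e.g. `# Throws unless $cgipassword matches the stored hash; an undef/empty password must be rejected as well.` It is also worth checking whether failed attempts on this form count toward the same lockout as the login page, since this is a second place where the current password is verified. changeEmail begins and ends outside the hunk.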