From 1d057f02b277d29ad4d232d598c49b0344798b40 Mon Sep 17 00:00:00 2001
From: "bbaetz%acm.org" <>
Date: Tue, 3 Jun 2003 16:47:37 +0000
Subject: Bug 180635 - Enhance Bugzilla::User to store additional information
 r=myk,jake

---
 token.cgi | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index 7f7299a57..25f68b70e 100755
--- a/token.cgi
+++ b/token.cgi
@@ -44,6 +44,8 @@ quietly_check_login('permit_anonymous');
 # token-related tasks.
 use Token;
 
+use Bugzilla::User;
+
 ################################################################################
 # Data Validation / Security Authorization
 ################################################################################
@@ -248,7 +250,10 @@ sub changeEmail {
     SendSQL("DELETE FROM tokens WHERE userid = $userid 
                                   AND tokentype = 'emailnew'");
     SendSQL("UNLOCK TABLES");
-    DeriveGroup($userid);
+
+    # The email address has been changed, so we need to rederive the groups
+    my $user = new Bugzilla::User($userid);
+    $user->derive_groups;
 
     # Return HTTP response headers.
     print Bugzilla->cgi->header();
@@ -283,7 +288,16 @@ sub cancelChangeEmail {
                  SET      login_name = $quotedoldemail
                  WHERE    userid = $userid");
             SendSQL("UNLOCK TABLES");
-            DeriveGroup($userid);
+
+            # email has changed, so rederive groups
+            # Note that this is done _after_ the tables are unlocked
+            # This is sort of a race condition (given the lack of transactions)
+            # but the user had access to it just now, so it's not a security
+            # issue
+
+            my $user = new Bugzilla::User($userid);
+            $user->derive_groups;
+
             $vars->{'message'} = "email_change_cancelled_reinstated";
         } 
     } 
-- 
cgit v1.2.3-24-g4f1b