From 2d792a108434d9ea59ebf75ae09fb69cbab6fb71 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Wed, 28 Dec 2011 23:11:44 +0100
Subject: Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account r=glob a=LpSolit
---
 token.cgi | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'token.cgi')
diff --git a/token.cgi b/token.cgi
index c43acdbfd..048670a1c 100755
--- a/token.cgi
+++ b/token.cgi
@@ -298,6 +298,8 @@ sub cancelChangeEmail {
 sub request_create_account {
     my ($date, $login_name, $token) = @_;
 
+    Bugzilla->user->check_account_creation_enabled;
+
     $vars->{'token'} = $token;
     $vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
     $vars->{'expiration_ts'} = ctime(str2time($date) + MAX_TOKEN_AGE * 86400);
@@ -310,6 +312,8 @@ sub request_create_account {
 sub confirm_create_account {
     my ($login_name, $token) = @_;
 
+    Bugzilla->user->check_account_creation_enabled;
+
     my $password = $cgi->param('passwd1') || '';
     validate_password($password, $cgi->param('passwd2') || '');
     # Make sure that these never show up anywhere in the UI.
-- 
cgit v1.2.3-24-g4f1b
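Review bot: The new `Bugzilla->user->check_account_creation_enabled;` line in request_create_account (and the identical line in confirm_create_account in the second hunk) is called in void context with its result discarded, so it only protects these handlers if the method throws on failure; that contract is not visible in token.cgi and should be confirmed against Bugzilla::User, and stated in a comment such as `# Throws a user error when account creation is disabled; re-checked here because the token may predate the policy change or come from a path that skipped the check.`. The patch is limited to token.cgi, so the User.offer_account_by_email WebService method named in the subject is not visible here; it presumably needs the same check before issuing a token, otherwise confirmation mail is still sent while account creation is disabled, even though the token can no longer be redeemed. Both subroutines continue past the end of their hunks.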