From bea6f25db1bf8f4333b3bf72d73015c7cdb9a197 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sat, 20 Sep 2008 01:00:25 +0000
Subject: Bug 455814: token.cgi should reject password change requests for
 disabled accounts - Patch by Frédéric Buclin <LpSolit@gmail.com>
 r=ghendricks a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 token.cgi | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index bbbbe01c6..34a017376 100755
--- a/token.cgi
+++ b/token.cgi
@@ -111,6 +111,12 @@ if ( $action eq 'reqpw' ) {
         || ThrowUserError('illegal_email_address', {addr => $login_name});
 
     $user_account = Bugzilla::User->check($login_name);
+
+    # Make sure the user account is active.
+    if ($user_account->is_disabled) {
+        ThrowUserError('account_disabled',
+                       {disabled_reason => get_text('account_disabled', {account => $login_name})});
+    }
 }
 
 # If the user is changing their password, make sure they submitted a new
-- 
cgit v1.2.3-24-g4f1b