From ef279711cea60d1ee999a6b74a6d5f0fa8552cf4 Mon Sep 17 00:00:00 2001
From: Koosha Khajeh Moogahi
Date: Mon, 28 May 2012 15:44:28 +0200
Subject: Bug 355596: Your password should be requested to confirm your email address change

r/a=LpSolit
---
 token.cgi | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'token.cgi')

diff --git a/token.cgi b/token.cgi
index 9a6a0de88..d5ebad78d 100755
--- a/token.cgi
+++ b/token.cgi
@@ -195,10 +195,18 @@ sub changeEmail {
     my $dbh = Bugzilla->dbh;
     my ($old_email, $new_email) = split(/:/,$eventdata);
 
-    # Check the user entered the correct old email address
-    if (lc($cgi->param('email')) ne lc($old_email)) {
-        ThrowUserError("email_confirmation_failed");
+    $dbh->bz_start_transaction();
+
+    my $user = Bugzilla::User->check({ id => $userid });
+    my $realpassword = $user->cryptpassword;
+    my $cgipassword = $cgi->param('password');
+
+    # Make sure the user who wants to change the email address
+    # is the real account owner.
+    if (bz_crypt($cgipassword, $realpassword) ne $realpassword) {
+        ThrowUserError("old_password_incorrect");
     }
+
     # The new email address should be available as this was
     # confirmed initially so cancel token if it is not still available
     if (! is_available_username($new_email,$old_email)) {
@@ -207,8 +215,6 @@ sub changeEmail {
         ThrowUserError("account_exists", { email => $new_email } );
     }
 
-    $dbh->bz_start_transaction();
-    my $user = Bugzilla::User->check({ id => $userid });
     # Update the user's login name in the profiles table.
     $user->set_login($new_email);
     $user->update({ keep_session => 1, keep_tokens => 1 });
-- 
cgit v1.2.3-24-g4f1b
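Review bot: The new ownership check in the first hunk compares `bz_crypt($cgipassword, $realpassword) ne $realpassword` inline rather than going through the authentication layer, so a wrong password submitted with a valid token is not recorded anywhere here; if the login path tracks or limits failed attempts, this endpoint presumably bypasses that and the check would be better routed through the same verification code. `$cgi->param('password')` is also handed to `bz_crypt` without a defined-ness check, so a form that omits the field reaches the hash call with undef; `ThrowUserError("old_password_incorrect") unless defined $cgipassword && $cgipassword ne '';` placed before the comparison makes that rejection explicit instead of relying on how `bz_crypt` treats undef. The comment above the `if` should say what the check establishes, e.g. `# The token alone is not proof of ownership: require the owning account's password.` changeEmail starts before this hunk and its body continues past it; the second hunk only removes the lines this one moved earlier.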