From 8f2bc1b07ce4150a878e80f5bce09e819cbfd414 Mon Sep 17 00:00:00 2001
From: "mkanat%kerio.com" <>
Date: Thu, 12 May 2005 08:52:13 +0000
Subject: Bug 287436: [SECURITY] After having logged in, links to change the
 report type contain username and password Patch By Marc Schumann
 <wurblzap@gmail.com> r=gerv, a=justdave

---
 userprefs.cgi | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'userprefs.cgi')

diff --git a/userprefs.cgi b/userprefs.cgi
index 9c2135eb3..1cf15868b 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -388,12 +388,19 @@ sub SaveSavedSearches() {
 # Live code (not subroutine definitions) starts here
 ###############################################################################
 
+my $cgi = Bugzilla->cgi;
+
+# This script needs direct access to the username and password CGI variables,
+# so we save them before their removal in Bugzilla->login
+my $bugzilla_login    = $cgi->param('Bugzilla_login');
+my $bugzilla_password = $cgi->param('Bugzilla_password');
+
 Bugzilla->login(LOGIN_REQUIRED);
+$cgi->param('Bugzilla_login', $bugzilla_login);
+$cgi->param('Bugzilla_password', $bugzilla_password);
 
 GetVersionTable();
 
-my $cgi = Bugzilla->cgi;
-
 $vars->{'changes_saved'} = $cgi->param('dosave');
 
 my $current_tab_name = $cgi->param('tab') || "account";
-- 
cgit v1.2.3-24-g4f1b