From 9ab537a54529b0444df941fed04565bd1f1a32b2 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sat, 13 Aug 2005 19:35:12 +0000
Subject: Bug 304044: Missing scalar() for some parameters - Patch by Frédéric
 Buclin <LpSolit@gmail.com> r=mkanat a=justdave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 userprefs.cgi | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'userprefs.cgi')

diff --git a/userprefs.cgi b/userprefs.cgi
index 833f2bfa8..0a6ffe288 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -76,12 +76,11 @@ sub SaveAccount {
     if ($cgi->param('Bugzilla_password') ne "" || 
         $pwd1 ne "" || $pwd2 ne "") 
     {
-        my $old = SqlQuote($cgi->param('Bugzilla_password'));
         SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid");
         my $oldcryptedpwd = FetchOneColumn();
         $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password");
 
-        if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne 
+        if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne 
                   $oldcryptedpwd) 
         {
             ThrowUserError("old_password_incorrect");
-- 
cgit v1.2.3-24-g4f1b