From 9ab537a54529b0444df941fed04565bd1f1a32b2 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sat, 13 Aug 2005 19:35:12 +0000 Subject: Bug 304044: Missing scalar() for some parameters - Patch by Frédéric Buclin r=mkanat a=justdave MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- userprefs.cgi | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'userprefs.cgi') diff --git a/userprefs.cgi b/userprefs.cgi index 833f2bfa8..0a6ffe288 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -76,12 +76,11 @@ sub SaveAccount { if ($cgi->param('Bugzilla_password') ne "" || $pwd1 ne "" || $pwd2 ne "") { - my $old = SqlQuote($cgi->param('Bugzilla_password')); SendSQL("SELECT cryptpassword FROM profiles WHERE userid = $userid"); my $oldcryptedpwd = FetchOneColumn(); $oldcryptedpwd || ThrowCodeError("unable_to_retrieve_password"); - if (crypt($cgi->param('Bugzilla_password'), $oldcryptedpwd) ne + if (crypt(scalar($cgi->param('Bugzilla_password')), $oldcryptedpwd) ne $oldcryptedpwd) { ThrowUserError("old_password_incorrect"); -- cgit v1.2.3-24-g4f1b