Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi…

editusers.cgi

@@ -195,7 +195,7 @@ if ($action eq 'search') {
     my $password     = $cgi->param('password');
     my $realname     = trim($cgi->param('name')         || '');
     my $disabledtext = trim($cgi->param('disabledtext') || '');
-    my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+    my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
 
     # Lock tables during the check+creation session.
     $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
@@ -235,7 +235,6 @@ if ($action eq 'search') {
 } elsif ($action eq 'update') {
     my $otherUser = check_user($otherUserID, $otherUserLogin);
     $otherUserID = $otherUser->id;
-    my $oldprofile = new Bugzilla::User($otherUserID);
 
     my $logoutNeeded = 0;
     my @changedFields;
@@ -256,25 +255,18 @@ if ($action eq 'search') {
                                            action => "modify",
                                            object => "user"});
 
-    # Cleanups
-    my $loginold         = $cgi->param('loginold')         || '';
-    my $realnameold      = $cgi->param('nameold')          || '';
-    my $disabledtextold  = $cgi->param('disabledtextold')  || '';
-    my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ? 
-                           $1 : $oldprofile->email_disabled;
-
     my $login        = $cgi->param('login');
     my $password     = $cgi->param('password');
     my $realname     = trim($cgi->param('name')         || '');
     my $disabledtext = trim($cgi->param('disabledtext') || '');
-    my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+    my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
 
     # Update profiles table entry; silently skip doing this if the user
     # is not authorized.
     if ($editusers) {
         my @values;
 
-        if ($login ne $loginold) {
+        if ($login ne $otherUser->login) {
             # Validate, then trick_taint.
             $login || ThrowUserError('user_login_required');
             validate_email_syntax($login)
@@ -290,7 +282,7 @@ if ($action eq 'search') {
             # Since we change the login, silently delete any tokens.
             $dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID);
         }
-        if ($realname ne $realnameold) {
+        if ($realname ne $otherUser->name) {
             # The real name may be anything; we use a placeholder for our
             # INSERT, and we rely on displaying code to FILTER html.
             trick_taint($realname);
@@ -305,7 +297,7 @@ if ($action eq 'search') {
             push(@values, bz_crypt($password));
             $logoutNeeded = 1;
         }
-        if ($disabledtext ne $disabledtextold) {
+        if ($disabledtext ne $otherUser->disabledtext) {
             # The disable text may be anything; we use a placeholder for our
             # INSERT, and we rely on displaying code to FILTER html.
             trick_taint($disabledtext);
@@ -313,7 +305,7 @@ if ($action eq 'search') {
             push(@values, $disabledtext);
             $logoutNeeded = 1;
         }
-        if ($disable_mail != $disable_mail_old) {
+        if ($disable_mail != $otherUser->email_disabled) {
             trick_taint($disable_mail);
             push(@changedFields, 'disable_mail');
             push(@values, $disable_mail);
@@ -419,7 +411,7 @@ if ($action eq 'search') {
     userDataToVars($otherUserID);
 
     $vars->{'message'} = 'account_updated';
-    $vars->{'loginold'} = $loginold;
+    $vars->{'loginold'} = $otherUser->login;
     $vars->{'changed_fields'} = \@changedFields;
     $vars->{'groups_added_to'} = \@groupsAddedTo;
     $vars->{'groups_removed_from'} = \@groupsRemovedFrom;

template/en/default/admin/users/userdata.html.tmpl

@@ -28,8 +28,6 @@
       <input size="64" maxlength="255" name="login" 
              id="login" value="[% otheruser.login FILTER html %]" />
       [% IF editform %]
-        <input type="hidden" name="loginold"
-               value="[% otheruser.login FILTER html %]" />
         [% IF !otheruser.groups.bz_sudo_protect %]
           <br />
           <a href="relogin.cgi?action=prepare-sudo&amp;target_login=
@@ -48,10 +46,6 @@
       <input size="64" maxlength="255" name="name"
              autocomplete="off"
              id="name" value="[% otheruser.name FILTER html %]" />
-      [% IF editform %]
-        <input type="hidden" name="nameold"
-               value="[% otheruser.name FILTER html %]" />
-      [% END %]
     [% ELSE %]
       [% otheruser.name FILTER html %]
     [% END %]
@@ -76,15 +70,6 @@
       [% IF otheruser.email_disabled %] checked="checked" [% END %] />
       (This affects bugmail and whinemail, not password-reset or other 
       non-bug-related emails)
-      [% IF editform %]
-        <input type="hidden" name="disable_mail_old"
-          [% IF otheruser.email_disabled %]
-            value="1"
-          [% ELSE %]
-            value="0" 
-          [% END %]
-        />
-      [% END %]
     </td>
   </tr>
   <tr>
@@ -101,10 +86,6 @@
        %]<br>
       (If non-empty, then the account will be disabled, and this text should
       explain why.)
-      [% IF editform %]
-        <input type="hidden" name="disabledtextold"
-               value="[% otheruser.disabledtext FILTER html %]" />
-      [% END %]
     </td>
   </tr>
 [% END %]