Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi…

Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi line 270 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kevin.benton a=myk

Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi…
1e68fe1e · lpsolit%gmail.com · 9fd592ef · 1e68fe1e · 1e68fe1e
Commit 1e68fe1e authored Aug 25, 2006 by lpsolit%gmail.com
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 34 deletions

editusers.cgi editusers.cgi +7 -15

userdata.html.tmpl template/en/default/admin/users/userdata.html.tmpl +0 -19

No files found.
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -195,7 +195,7 @@ if ($action eq 'search') {
    my $password     = $cgi->param('password');
    my $realname     = trim($cgi->param('name')         || '');
    my $disabledtext = trim($cgi->param('disabledtext') || '');
-    my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+    my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
    # Lock tables during the check+creation session.
    $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
@@ -235,7 +235,6 @@ if ($action eq 'search') {
 } elsif ($action eq 'update') {
    my $otherUser = check_user($otherUserID, $otherUserLogin);
    $otherUserID = $otherUser->id;
-    my $oldprofile = new Bugzilla::User($otherUserID);
    my $logoutNeeded = 0;
    my @changedFields;
@@ -256,25 +255,18 @@ if ($action eq 'search') {
                                           action => "modify",
                                           object => "user"});
-    # Cleanups
-    my $loginold         = $cgi->param('loginold')         || '';
-    my $realnameold      = $cgi->param('nameold')          || '';
-    my $disabledtextold  = $cgi->param('disabledtextold')  || '';
-    my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ? 
-                           $1 : $oldprofile->email_disabled;
    my $login        = $cgi->param('login');
    my $password     = $cgi->param('password');
    my $realname     = trim($cgi->param('name')         || '');
    my $disabledtext = trim($cgi->param('disabledtext') || '');
-    my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
+    my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
    # Update profiles table entry; silently skip doing this if the user
    # is not authorized.
    if ($editusers) {
        my @values;
-        if ($login ne $loginold) {
+        if ($login ne $otherUser->login) {
            # Validate, then trick_taint.
            $login || ThrowUserError('user_login_required');
            validate_email_syntax($login)
@@ -290,7 +282,7 @@ if ($action eq 'search') {
            # Since we change the login, silently delete any tokens.
            $dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID);
        }
-        if ($realname ne $realnameold) {
+        if ($realname ne $otherUser->name) {
            # The real name may be anything; we use a placeholder for our
            # INSERT, and we rely on displaying code to FILTER html.
            trick_taint($realname);
@@ -305,7 +297,7 @@ if ($action eq 'search') {
            push(@values, bz_crypt($password));
            $logoutNeeded = 1;
        }
-        if ($disabledtext ne $disabledtextold) {
+        if ($disabledtext ne $otherUser->disabledtext) {
            # The disable text may be anything; we use a placeholder for our
            # INSERT, and we rely on displaying code to FILTER html.
            trick_taint($disabledtext);
@@ -313,7 +305,7 @@ if ($action eq 'search') {
            push(@values, $disabledtext);
            $logoutNeeded = 1;
        }
-        if ($disable_mail != $disable_mail_old) {
+        if ($disable_mail != $otherUser->email_disabled) {
            trick_taint($disable_mail);
            push(@changedFields, 'disable_mail');
            push(@values, $disable_mail);
@@ -419,7 +411,7 @@ if ($action eq 'search') {
    userDataToVars($otherUserID);
    $vars->{'message'} = 'account_updated';
-    $vars->{'loginold'} = $loginold;
+    $vars->{'loginold'} = $otherUser->login;
    $vars->{'changed_fields'} = \@changedFields;
    $vars->{'groups_added_to'} = \@groupsAddedTo;
    $vars->{'groups_removed_from'} = \@groupsRemovedFrom;

--- a/template/en/default/admin/users/userdata.html.tmpl
+++ b/template/en/default/admin/users/userdata.html.tmpl
@@ -28,8 +28,6 @@
      <input size="64" maxlength="255" name="login" 
             id="login" value="[% otheruser.login FILTER html %]" />
      [% IF editform %]
-        <input type="hidden" name="loginold"
-               value="[% otheruser.login FILTER html %]" />
        [% IF !otheruser.groups.bz_sudo_protect %]
          <br />
          <a href="relogin.cgi?action=prepare-sudo&amp;target_login=
@@ -48,10 +46,6 @@
      <input size="64" maxlength="255" name="name"
             autocomplete="off"
             id="name" value="[% otheruser.name FILTER html %]" />
-      [% IF editform %]
-        <input type="hidden" name="nameold"
-               value="[% otheruser.name FILTER html %]" />
-      [% END %]
    [% ELSE %]
      [% otheruser.name FILTER html %]
    [% END %]
@@ -76,15 +70,6 @@
      [% IF otheruser.email_disabled %] checked="checked" [% END %] />
      (This affects bugmail and whinemail, not password-reset or other 
      non-bug-related emails)
-      [% IF editform %]
-        <input type="hidden" name="disable_mail_old"
-          [% IF otheruser.email_disabled %]
-            value="1"
-          [% ELSE %]
-            value="0" 
-          [% END %]
-        />
-      [% END %]
    </td>
  </tr>
  <tr>
@@ -101,10 +86,6 @@
       %]<br>
      (If non-empty, then the account will be disabled, and this text should
      explain why.)
-      [% IF editform %]
-        <input type="hidden" name="disabledtextold"
-               value="[% otheruser.disabledtext FILTER html %]" />
-      [% END %]
    </td>
  </tr>
 [% END %]