Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts…

Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiable field for obtaining current e-mail address r/a=LpSolit

Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts…
75b2accb · Byron Jones · Frédéric Buclin · 818ad5e1 · 75b2accb
Commit 75b2accb authored Aug 04, 2011 by Byron Jones Committed by Frédéric Buclin Aug 04, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

userprefs.cgi userprefs.cgi +1 -1

No files found.
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -85,7 +85,7 @@ sub SaveAccount {
    my $pwd1 = $cgi->param('new_password1');
    my $pwd2 = $cgi->param('new_password2');

-    my $old_login_name = $cgi->param('old_login');
+    my $old_login_name = $user->login;
    my $new_login_name = trim($cgi->param('new_login_name'));

    if ($user->authorizer->can_change_password