author | lpsolit%gmail.com <> | 2006-08-25 15:33:19 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-08-25 15:33:19 +0000 |
commit | 1e68fe1e5c78228ca82ff6b41176de59e6ba0a4c (patch) | |
tree | e1d52fdd8404de43b1c7d0a7cca52fd93e5fadd0 | |
parent | Bug 345958: Do not throw an error if an inactive flag type is set to "X" whil... (diff) | |
Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi line 270 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kevin.benton a=myk
-rwxr-xr-x | editusers.cgi | 22 | ||||
-rw-r--r-- | template/en/default/admin/users/userdata.html.tmpl | 19 |
2 files changed, 7 insertions, 34 deletions
diff --git a/editusers.cgi b/editusers.cgi index caea2186b..0ce3a95ce 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -195,7 +195,7 @@ if ($action eq 'search') { my $password = $cgi->param('password'); my $realname = trim($cgi->param('name') || ''); my $disabledtext = trim($cgi->param('disabledtext') || ''); - my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0; + my $disable_mail = $cgi->param('disable_mail') ? 1 : 0; # Lock tables during the check+creation session. $dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE', @@ -235,7 +235,6 @@ if ($action eq 'search') { } elsif ($action eq 'update') { my $otherUser = check_user($otherUserID, $otherUserLogin); $otherUserID = $otherUser->id; - my $oldprofile = new Bugzilla::User($otherUserID); my $logoutNeeded = 0; my @changedFields; @@ -256,25 +255,18 @@ if ($action eq 'search') { action => "modify", object => "user"}); - # Cleanups - my $loginold = $cgi->param('loginold') || ''; - my $realnameold = $cgi->param('nameold') || ''; - my $disabledtextold = $cgi->param('disabledtextold') || ''; - my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ? - $1 : $oldprofile->email_disabled; - my $login = $cgi->param('login'); my $password = $cgi->param('password'); my $realname = trim($cgi->param('name') || ''); my $disabledtext = trim($cgi->param('disabledtext') || ''); - my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0; + my $disable_mail = $cgi->param('disable_mail') ? 1 : 0; # Update profiles table entry; silently skip doing this if the user # is not authorized. if ($editusers) { my @values; - if ($login ne $loginold) { + if ($login ne $otherUser->login) { # Validate, then trick_taint. $login || ThrowUserError('user_login_required'); validate_email_syntax($login) 
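Review bot: `$login` can still be undef when `if ($login ne $otherUser->login)` runs in the `@@ -256` hunk, because `my $login = $cgi->param('login');` has no default, unlike `name` and `disabledtext` on the lines below it. A request that omits the `login` parameter would then trigger the same kind of "uninitialized value" warning this commit sets out to remove, before `$login || ThrowUserError('user_login_required')` can reject it. As far as the hunk shows, defaulting it with `my $login = $cgi->param('login') || '';` avoids the warning and leaves the required-field check working. The `if ($editusers)` block continues past the end of the hunk.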
@@ -290,7 +282,7 @@ if ($action eq 'search') { # Since we change the login, silently delete any tokens. $dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID); } - if ($realname ne $realnameold) { + if ($realname ne $otherUser->name) { # The real name may be anything; we use a placeholder for our # INSERT, and we rely on displaying code to FILTER html. trick_taint($realname); @@ -305,7 +297,7 @@ if ($action eq 'search') { push(@values, bz_crypt($password)); $logoutNeeded = 1; } - if ($disabledtext ne $disabledtextold) { + if ($disabledtext ne $otherUser->disabledtext) { # The disable text may be anything; we use a placeholder for our # INSERT, and we rely on displaying code to FILTER html. trick_taint($disabledtext); @@ -313,7 +305,7 @@ if ($action eq 'search') { push(@values, $disabledtext); $logoutNeeded = 1; } - if ($disable_mail != $disable_mail_old) { + if ($disable_mail != $otherUser->email_disabled) { trick_taint($disable_mail); push(@changedFields, 'disable_mail'); push(@values, $disable_mail); @@ -419,7 +411,7 @@ if ($action eq 'search') { userDataToVars($otherUserID); $vars->{'message'} = 'account_updated'; - $vars->{'loginold'} = $loginold; + $vars->{'loginold'} = $otherUser->login; $vars->{'changed_fields'} = \@changedFields; $vars->{'groups_added_to'} = \@groupsAddedTo; $vars->{'groups_removed_from'} = \@groupsRemovedFrom; diff --git a/template/en/default/admin/users/userdata.html.tmpl b/template/en/default/admin/users/userdata.html.tmpl index be29a1b4b..f495eb0f1 100644 --- a/template/en/default/admin/users/userdata.html.tmpl +++ b/template/en/default/admin/users/userdata.html.tmpl @@ -28,8 +28,6 @@ <input size="64" maxlength="255" name="login" id="login" value="[% otheruser.login FILTER html %]" /> [% IF editform %] - <input type="hidden" name="loginold" - value="[% otheruser.login FILTER html %]" /> [% IF !otheruser.groups.bz_sudo_protect %] <br /> <a href="relogin.cgi?action=prepare-sudo&target_login= 
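Review bot: Comparing against `$otherUser->disabledtext` instead of the submitted `disabledtextold` (hunk `@@ -305`) changes what a stale form does: a field the admin never touched is now written back whenever the stored value changed after the form was rendered. For this field, an edit page opened before another administrator disabled the account would submit an empty `disabledtext` and clear the stored reason, and the template text says a non-empty value is what disables the account. The `login`, `name` and `disable_mail` comparisons in the neighbouring hunks behave the same way. Dropping the client-supplied baselines is sound, but the last-write-wins behaviour deserves a comment such as `# Compared with the stored value, so a stale form overwrites concurrent edits.`, or a change token on the form if concurrent administration matters here.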
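Review bot: `trick_taint($disable_mail)` in the `@@ -313` hunk has nothing left to untaint and wrongly suggests that request data reaches the query. `$disable_mail` is assigned from `$cgi->param('disable_mail') ? 1 : 0` (in the `@@ -256` hunk, and in the create branch at `@@ -195`), so it is always the literal 1 or 0, and Perl does not propagate taint from the condition of `?:` to its result. The call can be dropped, or replaced by a comment like `# $disable_mail is a literal 0/1, never request data.`. Any true value now sets the flag, where the old pattern accepted only `0` or `1`; that looks intended for a checkbox but is worth stating next to the assignment. The `if ($editusers)` block starts and ends outside this hunk.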
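Review bot: `$vars->{'loginold'} = $otherUser->login;` in the `@@ -419` hunk reports the previous login only if `$otherUser` still holds the values read before the UPDATE, and nothing in the hunk shows whether the object is refreshed in between. A short comment would pin that assumption down, for example `# $otherUser was loaded before the update, so this is the login prior to any change.`. If the object were ever rebuilt earlier in this branch, the `account_updated` message would present the new login as the old one.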
@@ -48,10 +46,6 @@ <input size="64" maxlength="255" name="name" autocomplete="off" id="name" value="[% otheruser.name FILTER html %]" /> - [% IF editform %] - <input type="hidden" name="nameold" - value="[% otheruser.name FILTER html %]" /> - [% END %] [% ELSE %] [% otheruser.name FILTER html %] [% END %] @@ -76,15 +70,6 @@ [% IF otheruser.email_disabled %] checked="checked" [% END %] /> (This affects bugmail and whinemail, not password-reset or other non-bug-related emails) - [% IF editform %] - <input type="hidden" name="disable_mail_old" - [% IF otheruser.email_disabled %] - value="1" - [% ELSE %] - value="0" - [% END %] - /> - [% END %] </td> </tr> <tr> @@ -101,10 +86,6 @@ %]<br> (If non-empty, then the account will be disabled, and this text should explain why.) - [% IF editform %] - <input type="hidden" name="disabledtextold" - value="[% otheruser.disabledtext FILTER html %]" /> - [% END %] </td> </tr> [% END %] |