Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiabl...

author Byron Jones <glob@mozilla.com>

Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)

committer Frédéric Buclin <LpSolit@gmail.com>

Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)
author Byron Jones <glob@mozilla.com>
Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)
committer Frédéric Buclin <LpSolit@gmail.com>
Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)
diff --git a/userprefs.cgi b/userprefs.cgi

index d844645da1a69c3520f051e415be4a60d4a75637..f8e84059f1b6bd1e20fe0c068af1d77e989edf65 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -83,7 +83,7 @@ sub SaveAccount {
      my $pwd1 = $cgi->param('new_password1');
      my $pwd2 = $cgi->param('new_password2');
  
-    my $old_login_name = $cgi->param('old_login');
+    my $old_login_name = $user->login;
      my $new_login_name = trim($cgi->param('new_login_name'));
  
      if ($user->authorizer->can_change_password
author	Byron Jones <glob@mozilla.com>
	Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 4 Aug 2011 20:48:15 +0000 (22:48 +0200)