Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences page trusts user-modifiabl...

author Byron Jones <glob@mozilla.com>

Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)

committer Frédéric Buclin <LpSolit@gmail.com>

Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)
author Byron Jones <glob@mozilla.com>
Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)
committer Frédéric Buclin <LpSolit@gmail.com>
Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)
diff --git a/userprefs.cgi b/userprefs.cgi

index cffae38ccbdfdd62dbf810da5b45cee121d41c61..57bfcca5d926d1b7198c319bce29b18c2a09fef1 100755 (executable)
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -120,7 +120,7 @@ sub SaveAccount {
          && Bugzilla->params->{"allowemailchange"}
          && $cgi->param('new_login_name'))
      {
-        my $old_login_name = $cgi->param('Bugzilla_login');
+        my $old_login_name = $user->login;
          my $new_login_name = trim($cgi->param('new_login_name'));
  
          if($old_login_name ne $new_login_name) {
author	Byron Jones <glob@mozilla.com>
	Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Thu, 4 Aug 2011 20:49:51 +0000 (22:49 +0200)