From: lpsolit%gmail.com <>
Date: Thu, 28 Jul 2005 03:18:20 +0000 (+0000)
Subject: Bug 292059: No locking in createaccount.cgi - Patch by Frédéric Buclin <LpSolit@gmail... 
X-Git-Tag: bugzilla-2.20rc2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d96d96c6c4e78b1ee5636a7d9ce6f9cc5c62105a;p=thirdparty%2Fbugzilla.git

Bug 292059: No locking in createaccount.cgi - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=myk
---

diff --git a/createaccount.cgi b/createaccount.cgi
index 9d9f55d8ad..3465800a3d 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -30,20 +30,22 @@ use lib qw(.);
 
 require "CGI.pl";
 
+use Bugzilla;
 use Bugzilla::Constants;
 use Bugzilla::User;
 
 # Shut up misguided -w warnings about "used only once":
-use vars qw(
-  $template
-  $vars
-);
+use vars qw($template $vars);
 
 # Just in case someone already has an account, let them get the correct footer
-# on an error message.  The user is logged out just before the account is
+# on an error message. The user is logged out just after the account is
 # actually created.
 Bugzilla->login(LOGIN_OPTIONAL);
 
+my $dbh = Bugzilla->dbh;
+my $cgi = Bugzilla->cgi;
+print $cgi->header();
+
 # If we're using LDAP for login, then we can't create a new account here.
 unless (Bugzilla::Auth->can_edit('new')) {
     ThrowUserError("auth_cant_create_account");
@@ -54,9 +56,6 @@ unless ($createexp) {
     ThrowUserError("account_creation_disabled");
 }
 
-my $cgi = Bugzilla->cgi;
-print $cgi->header();
-
 my $login = $cgi->param('login');
 
 if (defined($login)) {
@@ -64,9 +63,12 @@ if (defined($login)) {
     my $realname = trim($cgi->param('realname'));
     CheckEmailSyntax($login);
     $vars->{'login'} = $login;
-    
+
+    $dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
+
     if (!is_available_username($login)) {
-        # Account already exists        
+        # Account already exists
+        $dbh->bz_unlock_tables();
         $template->process("account/exists.html.tmpl", $vars)
           || ThrowTemplateError($template->error());
         exit;
@@ -76,11 +78,14 @@ if (defined($login)) {
         ThrowUserError("account_creation_disabled");
     }
     
+    # Create account
+    my $password = insert_new_user($login, $realname);
+
+    $dbh->bz_unlock_tables();
+
     # Clear out the login cookies in case the user is currently logged in.
     Bugzilla->logout();
 
-    # Create account
-    my $password = insert_new_user($login, $realname);
     MailPassword($login, $password);
     
     $template->process("account/created.html.tmpl", $vars)