Closed Bug 677522 Opened 13 years ago Closed 13 years ago

IssueEmailChangeToken() should get the old login name from the user object

Categories

(Bugzilla :: User Accounts, enhancement)

Product:
Bugzilla
Component:
User Accounts
Version:
4.1.3
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.2

People

(Reporter: LpSolit, Assigned: LpSolit)

Details

Attachments

(1 file)

patch, v1
3.31 KB, patch
timello
: review+
Details | Diff | Splinter Review
Attached patch patch, v1Splinter Review 
See bug 670868 comment 13:
"we should fix Bugzilla::Token::IssueEmailChangeToken() to only get ($user, $new_email) as arguments, and get $old_email from $user->login, instead of passing $old_email as we currently do. This would also prevent this abuse. But this should only be done on trunk (even 4.2), as a security enhancement."
Attachment #551741 - Flags: review?(glob)
Attachment #551741 - Flags: review?(glob) → review?(timello)
Comment on attachment 551741 [details] [diff] [review]
patch, v1

It looks good for me.
Attachment #551741 - Flags: review?(timello) → review+
Flags: approval?
Flags: approval?
Flags: approval4.2+
Flags: approval+
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified userprefs.cgi
modified Bugzilla/Token.pm
Committed revision 7937.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified userprefs.cgi
modified Bugzilla/Token.pm
Committed revision 7910.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: