Closed
Bug 677522
Opened 13 years ago
Closed 13 years ago
IssueEmailChangeToken() should get the old login name from the user object
Categories
(Bugzilla :: User Accounts, enhancement)
Tracking
()
RESOLVED
FIXED
Bugzilla 4.2
People
(Reporter: LpSolit, Assigned: LpSolit)
Details
Attachments
(1 file)
3.31 KB,
patch
|
timello
:
review+
|
Details | Diff | Splinter Review |
See bug 670868 comment 13: "we should fix Bugzilla::Token::IssueEmailChangeToken() to only get ($user, $new_email) as arguments, and get $old_email from $user->login, instead of passing $old_email as we currently do. This would also prevent this abuse. But this should only be done on trunk (even 4.2), as a security enhancement."
Attachment #551741 -
Flags: review?(glob)
Assignee | ||
Updated•13 years ago
|
Attachment #551741 -
Flags: review?(glob) → review?(timello)
Comment 1•13 years ago
|
||
Comment on attachment 551741 [details] [diff] [review] patch, v1 It looks good for me.
Attachment #551741 -
Flags: review?(timello) → review+
Updated•13 years ago
|
Flags: approval?
Assignee | ||
Updated•13 years ago
|
Flags: approval?
Flags: approval4.2+
Flags: approval+
Assignee | ||
Comment 2•13 years ago
|
||
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified userprefs.cgi modified Bugzilla/Token.pm Committed revision 7937. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/ modified userprefs.cgi modified Bugzilla/Token.pm Committed revision 7910.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•