Closed
Bug 292059
Opened 20 years ago
Closed 19 years ago
No locking in createaccount.cgi
Categories
(Bugzilla :: User Accounts, defect)
Tracking
()
RESOLVED
FIXED
Bugzilla 2.20
People
(Reporter: gerv, Assigned: LpSolit)
Details
Attachments
(2 files, 1 obsolete file)
|
2.28 KB,
patch
|
wicked
:
review+
|
Details | Diff | Splinter Review |
|
2.21 KB,
patch
|
wicked
:
review+
|
Details | Diff | Splinter Review |
We have two bits of account creation code - in Bugzilla/Users.pm and editusers.cgi. editusers.cgi locks the profiles table while it checks for non-existence of the user and then creates it if necessary. The code called from createaccount.cgi (in Bugzilla/Users.pm) does not. There is therefore theoretically a race condition, which might be hit if, for example, the user double-clicks the button and the web browser sends both requests. If we are just to add locking, it needs to be in createaccount.cgi rather than Users.pm because of the way the code is structured. However, we may also want to take this opportunity to change things to only have a single place where users are created.
|
Assignee | |
Comment 1•19 years ago
|
||
The code in createaccount.cgi and editusers.cgi is actually too different to be merged. For example, the user has to be logged out when he creates a new account. He also needs a "forgot password" message if the account already exists, etc...
Assignee: user-accounts → LpSolit
Status: NEW → ASSIGNED
Attachment #189241 -
Flags: review?(wurblzap)
|
|
Assignee | |
Updated•19 years ago
|
Target Milestone: --- → Bugzilla 2.20
|
||
Comment 2•19 years ago
|
||
Comment on attachment 189241 [details] [diff] [review] patch, v1 This patch didn't apply cleanly to either 2.20 branch (hunk 1 and 4) or trunk (hunk 1). I applied failed hunk 1 manually on tip and tested account creation. Even though this suffles things aroung, it would still seem to work correctly. >Index: createaccount.cgi > # Shut up misguided -w warnings about "used only once": >-use vars qw( >- $template >- $vars >-); >+use vars qw($template $vars); Nit: Imho, nice cleanup but unneeded. > # Just in case someone already has an account, let them get the correct footer >-# on an error message. The user is logged out just before the account is >+# on an error message. The user will be logged out when the account is > # actually created. Nit: Maybe remove the double blank too? Also, perhaps add word "after" so it's clear logout happens after account creation now..
Attachment #189241 -
Flags: review?(wurblzap) → review-
|
|
Assignee | |
Comment 3•19 years ago
|
||
Attachment #189241 -
Attachment is obsolete: true
Attachment #190705 -
Flags: review?(wicked)
|
|
||
Comment 4•19 years ago
|
||
Comment on attachment 190705 [details] [diff] [review] patch for the tip, v2 Tested on trunk, seems to work. Does not apply cleanly on 2.20 branch.
Attachment #190705 -
Flags: review?(wicked) → review+
|
|
Assignee | |
Comment 5•19 years ago
|
||
same patch as for the tip.
|
|
Assignee | |
Updated•19 years ago
|
Attachment #190710 -
Flags: review?(wicked)
|
|
||
Comment 6•19 years ago
|
||
Comment on attachment 190710 [details] [diff] [review] 2.20 backport, v2 Tested to be working on 2.20 branch.
Attachment #190710 -
Flags: review?(wicked) → review+
|
|
||
Updated•19 years ago
|
Flags: approval?
Flags: approval2.20?
|
||
Updated•19 years ago
|
Flags: approval?
Flags: approval2.20?
Flags: approval2.20+
Flags: approval+
|
|
Assignee | |
Comment 7•19 years ago
|
||
tip: Checking in createaccount.cgi; /cvsroot/mozilla/webtools/bugzilla/createaccount.cgi,v <-- createaccount.cgi new revision: 1.42; previous revision: 1.41 done 2.20rc1: Checking in createaccount.cgi; /cvsroot/mozilla/webtools/bugzilla/createaccount.cgi,v <-- createaccount.cgi new revision: 1.39.2.1; previous revision: 1.39 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•