Bug 349766: Use of uninitialized value in pattern match (m//) at editusers.cgi line 270 - Patch by Frédéric Buclin <LpSolit@gmail.com> r=kevin.benton a=myk
git-svn-id: svn://10.0.0.236/trunk@208392 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
lpsolit%gmail.com
parent
2f09eb8fdf
commit
3b0899a704
@ -195,7 +195,7 @@ if ($action eq 'search') {
|
||||
my $password = $cgi->param('password');
|
||||
my $realname = trim($cgi->param('name') || '');
|
||||
my $disabledtext = trim($cgi->param('disabledtext') || '');
|
||||
my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
|
||||
my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
|
||||
|
||||
# Lock tables during the check+creation session.
|
||||
$dbh->bz_lock_tables('profiles WRITE', 'profiles_activity WRITE',
|
||||
@ -235,7 +235,6 @@ if ($action eq 'search') {
|
||||
} elsif ($action eq 'update') {
|
||||
my $otherUser = check_user($otherUserID, $otherUserLogin);
|
||||
$otherUserID = $otherUser->id;
|
||||
my $oldprofile = new Bugzilla::User($otherUserID);
|
||||
|
||||
my $logoutNeeded = 0;
|
||||
my @changedFields;
|
||||
@ -256,25 +255,18 @@ if ($action eq 'search') {
|
||||
action => "modify",
|
||||
object => "user"});
|
||||
|
||||
# Cleanups
|
||||
my $loginold = $cgi->param('loginold') || '';
|
||||
my $realnameold = $cgi->param('nameold') || '';
|
||||
my $disabledtextold = $cgi->param('disabledtextold') || '';
|
||||
my $disable_mail_old = $cgi->param('disable_mail_old') =~ /^(0|1)$/ ?
|
||||
$1 : $oldprofile->email_disabled;
|
||||
|
||||
my $login = $cgi->param('login');
|
||||
my $password = $cgi->param('password');
|
||||
my $realname = trim($cgi->param('name') || '');
|
||||
my $disabledtext = trim($cgi->param('disabledtext') || '');
|
||||
my $disable_mail = $cgi->param('disable_mail') =~ /^(0|1)$/ ? $1 : 0;
|
||||
my $disable_mail = $cgi->param('disable_mail') ? 1 : 0;
|
||||
|
||||
# Update profiles table entry; silently skip doing this if the user
|
||||
# is not authorized.
|
||||
if ($editusers) {
|
||||
my @values;
|
||||
|
||||
if ($login ne $loginold) {
|
||||
if ($login ne $otherUser->login) {
|
||||
# Validate, then trick_taint.
|
||||
$login || ThrowUserError('user_login_required');
|
||||
validate_email_syntax($login)
|
||||
@ -290,7 +282,7 @@ if ($action eq 'search') {
|
||||
# Since we change the login, silently delete any tokens.
|
||||
$dbh->do('DELETE FROM tokens WHERE userid = ?', {}, $otherUserID);
|
||||
}
|
||||
if ($realname ne $realnameold) {
|
||||
if ($realname ne $otherUser->name) {
|
||||
# The real name may be anything; we use a placeholder for our
|
||||
# INSERT, and we rely on displaying code to FILTER html.
|
||||
trick_taint($realname);
|
||||
@ -305,7 +297,7 @@ if ($action eq 'search') {
|
||||
push(@values, bz_crypt($password));
|
||||
$logoutNeeded = 1;
|
||||
}
|
||||
if ($disabledtext ne $disabledtextold) {
|
||||
if ($disabledtext ne $otherUser->disabledtext) {
|
||||
# The disable text may be anything; we use a placeholder for our
|
||||
# INSERT, and we rely on displaying code to FILTER html.
|
||||
trick_taint($disabledtext);
|
||||
@ -313,7 +305,7 @@ if ($action eq 'search') {
|
||||
push(@values, $disabledtext);
|
||||
$logoutNeeded = 1;
|
||||
}
|
||||
if ($disable_mail != $disable_mail_old) {
|
||||
if ($disable_mail != $otherUser->email_disabled) {
|
||||
trick_taint($disable_mail);
|
||||
push(@changedFields, 'disable_mail');
|
||||
push(@values, $disable_mail);
|
||||
@ -419,7 +411,7 @@ if ($action eq 'search') {
|
||||
userDataToVars($otherUserID);
|
||||
|
||||
$vars->{'message'} = 'account_updated';
|
||||
$vars->{'loginold'} = $loginold;
|
||||
$vars->{'loginold'} = $otherUser->login;
|
||||
$vars->{'changed_fields'} = \@changedFields;
|
||||
$vars->{'groups_added_to'} = \@groupsAddedTo;
|
||||
$vars->{'groups_removed_from'} = \@groupsRemovedFrom;
|
||||
|
||||
@ -28,8 +28,6 @@
|
||||
<input size="64" maxlength="255" name="login"
|
||||
id="login" value="[% otheruser.login FILTER html %]" />
|
||||
[% IF editform %]
|
||||
<input type="hidden" name="loginold"
|
||||
value="[% otheruser.login FILTER html %]" />
|
||||
[% IF !otheruser.groups.bz_sudo_protect %]
|
||||
<br />
|
||||
<a href="relogin.cgi?action=prepare-sudo&target_login=
|
||||
@ -48,10 +46,6 @@
|
||||
<input size="64" maxlength="255" name="name"
|
||||
autocomplete="off"
|
||||
id="name" value="[% otheruser.name FILTER html %]" />
|
||||
[% IF editform %]
|
||||
<input type="hidden" name="nameold"
|
||||
value="[% otheruser.name FILTER html %]" />
|
||||
[% END %]
|
||||
[% ELSE %]
|
||||
[% otheruser.name FILTER html %]
|
||||
[% END %]
|
||||
@ -76,15 +70,6 @@
|
||||
[% IF otheruser.email_disabled %] checked="checked" [% END %] />
|
||||
(This affects bugmail and whinemail, not password-reset or other
|
||||
non-bug-related emails)
|
||||
[% IF editform %]
|
||||
<input type="hidden" name="disable_mail_old"
|
||||
[% IF otheruser.email_disabled %]
|
||||
value="1"
|
||||
[% ELSE %]
|
||||
value="0"
|
||||
[% END %]
|
||||
/>
|
||||
[% END %]
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@ -101,10 +86,6 @@
|
||||
%]<br>
|
||||
(If non-empty, then the account will be disabled, and this text should
|
||||
explain why.)
|
||||
[% IF editform %]
|
||||
<input type="hidden" name="disabledtextold"
|
||||
value="[% otheruser.disabledtext FILTER html %]" />
|
||||
[% END %]
|
||||
</td>
|
||||
</tr>
|
||||
[% END %]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user