From e2c29f672ff2843dcf0f6da6b04e1d15fbf3f81d Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org"
 <mkanat%bugzilla.org@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Thu, 4 Aug 2011 21:06:12 +0000
Subject: [PATCH] Bug 670868: (CVE-2011-2978) [SECURITY] Account preferences
 page trusts user-modifiable field for obtaining current e-mail address
 r/a=LpSolit

git-svn-id: svn://10.0.0.236/branches/BUGZILLA-3_4-BRANCH@262586 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/webtools/bugzilla/.bzrrev       | 2 +-
 mozilla/webtools/bugzilla/userprefs.cgi | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev
index ba7fb703feb..23c5e4f7e57 100644
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@@ -1 +1 @@
-6807
\ No newline at end of file
+6808
\ No newline at end of file
diff --git a/mozilla/webtools/bugzilla/userprefs.cgi b/mozilla/webtools/bugzilla/userprefs.cgi
index cffae38ccbd..57bfcca5d92 100755
--- a/mozilla/webtools/bugzilla/userprefs.cgi
+++ b/mozilla/webtools/bugzilla/userprefs.cgi
@@ -120,7 +120,7 @@ sub SaveAccount {
         && Bugzilla->params->{"allowemailchange"}
         && $cgi->param('new_login_name'))
     {
-        my $old_login_name = $cgi->param('Bugzilla_login');
+        my $old_login_name = $user->login;
         my $new_login_name = trim($cgi->param('new_login_name'));
 
         if($old_login_name ne $new_login_name) {