diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-12-28 23:11:44 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-12-28 23:11:44 +0100 |
| commit | 2d792a108434d9ea59ebf75ae09fb69cbab6fb71 (patch) | |
| tree | 3da27d1b0158d793d42cf87bb3fd479de558b525 /createaccount.cgi | |
| parent | f8813fc6a94b4e8e6d5e77009458ed8cb5a856c7 (diff) | |
| download | bugs-2d792a108434d9ea59ebf75ae09fb69cbab6fb71.tar bugs-2d792a108434d9ea59ebf75ae09fb69cbab6fb71.tar.gz bugs-2d792a108434d9ea59ebf75ae09fb69cbab6fb71.tar.bz2 bugs-2d792a108434d9ea59ebf75ae09fb69cbab6fb71.tar.xz bugs-2d792a108434d9ea59ebf75ae09fb69cbab6fb71.zip | |
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
r=glob a=LpSolit
Diffstat (limited to 'createaccount.cgi')
| -rwxr-xr-x | createaccount.cgi | 29 |
1 files changed, 3 insertions, 26 deletions
diff --git a/createaccount.cgi b/createaccount.cgi index 09999865f..acc63e891 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -31,35 +31,19 @@ use lib qw(. lib); use Bugzilla; use Bugzilla::Constants; use Bugzilla::Error; -use Bugzilla::User; -use Bugzilla::BugMail; -use Bugzilla::Util; use Bugzilla::Token; # Just in case someone already has an account, let them get the correct footer # on an error message. The user is logged out just after the account is # actually created. my $user = Bugzilla->login(LOGIN_OPTIONAL); - -my $dbh = Bugzilla->dbh; my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; -my $vars = {}; - -$vars->{'doc_section'} = 'myaccount.html'; +my $vars = { doc_section => 'myaccount.html' }; print $cgi->header(); -# If we're using LDAP for login, then we can't create a new account here. -unless ($user->authorizer->user_can_create_account) { - ThrowUserError("auth_cant_create_account"); -} - -my $createexp = Bugzilla->params->{'createemailregexp'}; -unless ($createexp) { - ThrowUserError("account_creation_disabled"); -} - +$user->check_account_creation_enabled; my $login = $cgi->param('login'); if (defined($login)) { @@ -68,16 +52,9 @@ if (defined($login)) { my $token = $cgi->param('token'); check_hash_token($token, ['create_account']); - $login = Bugzilla::User->check_login_name_for_creation($login); + $user->check_and_send_account_creation_confirmation($login); $vars->{'login'} = $login; - if ($login !~ /$createexp/i) { - ThrowUserError("account_creation_restricted"); - } - - # Create and send a token for this new account. - Bugzilla::Token::issue_new_user_account_token($login); - $template->process("account/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; |