зеркало из https://github.com/mozilla/gecko-dev.git
Add an additional check that the change ID is valid
This commit is contained in:
Родитель
f160c6a497
Коммит
fea723a0a6
|
@ -228,7 +228,8 @@ sub performFieldChange {
|
||||||
my $dataSource = $self->app->getService('dataSource.user');
|
my $dataSource = $self->app->getService('dataSource.user');
|
||||||
my($userID, $fieldID, $newData, $password, $createTime, $type) = $dataSource->getUserFieldChangeFromChangeID($self->app, $changeID);
|
my($userID, $fieldID, $newData, $password, $createTime, $type) = $dataSource->getUserFieldChangeFromChangeID($self->app, $changeID);
|
||||||
# check for valid change
|
# check for valid change
|
||||||
if (($userID != $self->userID) or # wrong change ID
|
if ((not defined($userID)) or # invalid change ID
|
||||||
|
($userID != $self->userID) or # wrong change ID
|
||||||
(not $self->app->getService('service.password')->checkPassword($candidatePassword, $password)) or # wrong password
|
(not $self->app->getService('service.password')->checkPassword($candidatePassword, $password)) or # wrong password
|
||||||
($createTime < $minTime)) { # expired change
|
($createTime < $minTime)) { # expired change
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Загрузка…
Ссылка в новой задаче