Bug 292059: No locking in createaccount.cgi - Patch by Fr�d�ric Buclin <LpSolit@gmail.com> r=wicked a=myk

This commit is contained in:
lpsolit%gmail.com 2005-07-27 20:15:37 +00:00
Родитель 2a905e3ef4
Коммит 6685da1d5c
1 изменённых файлов: 17 добавлений и 12 удалений

Просмотреть файл

@ -30,22 +30,24 @@ use lib qw(.);
require "CGI.pl";
use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::User;
use Bugzilla::BugMail;
use Bugzilla::Util;
# Shut up misguided -w warnings about "used only once":
use vars qw(
$template
$vars
);
use vars qw($template $vars);
# Just in case someone already has an account, let them get the correct footer
# on an error message. The user is logged out just before the account is
# on an error message. The user is logged out just after the account is
# actually created.
Bugzilla->login(LOGIN_OPTIONAL);
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
print $cgi->header();
# If we're using LDAP for login, then we can't create a new account here.
unless (Bugzilla::Auth->can_edit('new')) {
ThrowUserError("auth_cant_create_account");
@ -56,9 +58,6 @@ unless ($createexp) {
ThrowUserError("account_creation_disabled");
}
my $cgi = Bugzilla->cgi;
print $cgi->header();
my $login = $cgi->param('login');
if (defined($login)) {
@ -66,9 +65,12 @@ if (defined($login)) {
my $realname = trim($cgi->param('realname'));
check_email_syntax($login);
$vars->{'login'} = $login;
$dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
if (!is_available_username($login)) {
# Account already exists
# Account already exists
$dbh->bz_unlock_tables();
$template->process("account/exists.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@ -78,11 +80,14 @@ if (defined($login)) {
ThrowUserError("account_creation_disabled");
}
# Create account
my $password = insert_new_user($login, $realname);
$dbh->bz_unlock_tables();
# Clear out the login cookies in case the user is currently logged in.
Bugzilla->logout();
# Create account
my $password = insert_new_user($login, $realname);
Bugzilla::BugMail::MailPassword($login, $password);
$template->process("account/created.html.tmpl", $vars)