authorFrédéric Buclin <LpSolit@gmail.com>2011-12-28 23:11:44 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-12-28 23:11:44 +0100
commit2d792a108434d9ea59ebf75ae09fb69cbab6fb71 (patch)
tree3da27d1b0158d793d42cf87bb3fd479de558b525 /createaccount.cgi
parentBug 697699 - (CVE-2011-3657) [SECURITY] XSS when viewing new charts or tabula... (diff)
Bug 711714: (CVE-2011-3667) [SECURITY] The User.offer_account_by_email WebService method lets you create new user accounts independently of the value of Bugzilla::Auth::Verify::*::user_can_create_account
r=glob a=LpSolit
Diffstat (limited to 'createaccount.cgi')
-rwxr-xr-xcreateaccount.cgi29
1 files changed, 3 insertions, 26 deletions
diff --git a/createaccount.cgi b/createaccount.cgi
index 09999865f..acc63e891 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -31,35 +31,19 @@ use lib qw(. lib);
use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Error;
-use Bugzilla::User;
-use Bugzilla::BugMail;
-use Bugzilla::Util;
use Bugzilla::Token;
# Just in case someone already has an account, let them get the correct footer
# on an error message. The user is logged out just after the account is
# actually created.
my $user = Bugzilla->login(LOGIN_OPTIONAL);
-
-my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
-my $vars = {};
-
-$vars->{'doc_section'} = 'myaccount.html';
+my $vars = { doc_section => 'myaccount.html' };
print $cgi->header();
-# If we're using LDAP for login, then we can't create a new account here.
-unless ($user->authorizer->user_can_create_account) {
- ThrowUserError("auth_cant_create_account");
-}
-
-my $createexp = Bugzilla->params->{'createemailregexp'};
-unless ($createexp) {
- ThrowUserError("account_creation_disabled");
-}
-
+$user->check_account_creation_enabled;
my $login = $cgi->param('login');
if (defined($login)) {
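Review bot: The why-comment explaining the account-creation gate ("If we're using LDAP for login, then we can't create a new account here.") was dropped together with the two removed `unless` blocks, so the bare `$user->check_account_creation_enabled;` no longer tells a reader what is refused at this point, and the method itself lives in Bugzilla::User outside this diff. A one-line comment restoring the intent, grounded in the checks this call replaces, would help: `# Throws a user error when the authorizer (e.g. LDAP) cannot create accounts or createemailregexp is empty.` — hedged as "presumably" if the method's exact checks differ. As a point of style, the call is made without parentheses; `$user->check_account_creation_enabled();` would match `$cgi->header()` a few lines above. The same parenthesis-less method call does not recur in the second hunk, which passes an argument.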
@@ -68,16 +52,9 @@ if (defined($login)) {
my $token = $cgi->param('token');
check_hash_token($token, ['create_account']);
- $login = Bugzilla::User->check_login_name_for_creation($login);
+ $user->check_and_send_account_creation_confirmation($login);
$vars->{'login'} = $login;
- if ($login !~ /$createexp/i) {
- ThrowUserError("account_creation_restricted");
- }
-
- # Create and send a token for this new account.
- Bugzilla::Token::issue_new_user_account_token($login);
-
$template->process("account/created.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
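Review bot: `$vars->{'login'} = $login;` now stores the raw CGI parameter, whereas the removed line `$login = Bugzilla::User->check_login_name_for_creation($login);` previously replaced it with the value that method returned; if that return value is a normalised login (trimmed whitespace, presumably), the confirmation page would display a string different from the one the token was issued for. If `check_and_send_account_creation_confirmation` returns the validated login, keeping the assignment is a one-line fix: `$login = $user->check_and_send_account_creation_confirmation($login);`; if it does not, consider having it return the normalised value, since that method sits in Bugzilla::User outside this diff. This affects only what the template displays and does not change which address receives the confirmation, so the impact appears cosmetic rather than a regression of the security fix.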