passwordauth: avoid userinfo forgery via repeated email parameter

OVE-20170111-0001

(cherry picked from commit bffb71d6a7d28f6dd5f0be241f214e79eea7bb91)
master
Simon McVittie 2017-01-11 13:19:13 +00:00
parent 3964787238
commit b642cbef80
1 changed files with 2 additions and 1 deletions


@ -332,8 +332,9 @@ sub formbuilder (@) {
IkiWiki::cgi_postsignin($cgi, $session); IkiWiki::cgi_postsignin($cgi, $session);
} }
elsif ($form->submitted eq 'Create Account') { elsif ($form->submitted eq 'Create Account') {
my $email = $form->field('email');
if (IkiWiki::userinfo_setall($user_name, { if (IkiWiki::userinfo_setall($user_name, {
'email' => $form->field('email'), 'email' => $email,
'regdate' => time})) { 'regdate' => time})) {
setpassword($user_name, $form->field('password')); setpassword($user_name, $form->field('password'));
$form->field(name => "confirm_password", type => "hidden"); $form->field(name => "confirm_password", type => "hidden");
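Review bot: The `setpassword($user_name, $form->field('password'))` call just below the fixed hash still evaluates `$form->field` in list context, unless `setpassword` has a prototype that forces scalar context; its declaration is not visible in this hunk. If it has none, a repeated `password` parameter would pass extra positional arguments to `setpassword`, the same class of problem this commit closes for `email`. Writing `scalar $form->field('password')` makes the call safe either way. A comment above `my $email = ...`, such as `# scalar context: a repeated 'email' parameter must not add keys to the userinfo hash`, would also stop the temporary from being inlined again later. The body of `formbuilder` starts and ends outside the hunk.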