CGI, attachment, passwordauth: harden against repeated parameters

[git.ikiwiki.info.git] / IkiWiki / Plugin / passwordauth.pm

diff --git a/IkiWiki/Plugin/passwordauth.pm b/IkiWiki/Plugin/passwordauth.pm
index fe1da764ae9dc07a2431aaca78478cc9364b82e4..84961c51fd2be865b9b02447cdf839d8c6b8f9f8 100644 (file)
--- a/IkiWiki/Plugin/passwordauth.pm
+++ b/IkiWiki/Plugin/passwordauth.pm
@@ -327,10 +327,12 @@ sub formbuilder (@) {
                        }
                        elsif ($form->submitted eq 'Create Account') {
                                my $email = $form->field('email');
+                               my $password = $form->field('password');
+
                                if (IkiWiki::userinfo_setall($user_name, {
                                        'email' => $email,
                                        'regdate' => time})) {
-                                       setpassword($user_name, $form->field('password'));
+                                       setpassword($user_name, $password);
                                        $form->field(name => "confirm_password", type => "hidden");
                                        $form->field(name => "email", type => "hidden");
                                        $form->text(gettext("Account creation successful. Now you can Login."));
@@ -389,8 +391,9 @@ sub formbuilder (@) {
        elsif ($form->title eq "preferences") {
                if ($form->submitted eq "Save Preferences" && $form->validate) {
                        my $user_name=$form->field('name');
-                       if (defined $form->field("password") && length $form->field("password")) {
-                               setpassword($user_name, scalar $form->field('password'));
+                       my $password=$form->field('password');
+                       if (defined $password && length $password) {
+                               setpassword($user_name, $password);
                        }
                }
        }