author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:17:45 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:17:45 +0100 |
commit | 6f8f6aba3517ae72e4eb298cd3fac13db80f1814 (patch) | |
tree | 9f421dce4eab00b5731c39df1bf80ce651359fce /chart.cgi | |
parent | Bug 627930 - Release Notes for Bugzilla 3.4.10 (diff) | |
Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
r=dkl a=LpSolit
Diffstat (limited to 'chart.cgi')
-rwxr-xr-x | chart.cgi | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -52,6 +52,7 @@ use Bugzilla::Util;
 use Bugzilla::Chart;
 use Bugzilla::Series;
 use Bugzilla::User;
+use Bugzilla::Token;
 
 # For most scripts we don't make $cgi and $template global variables. But
 # when preparing Bugzilla for mod_perl, this script used these
@@ -138,7 +139,9 @@ elsif ($action eq "wrap") {
 }
 elsif ($action eq "create") {
     assertCanCreate($cgi);
-    
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['create-series']);
+    
     my $series = new Bugzilla::Series($cgi);
 
     if (!$series->existsInDatabase()) {
@@ -168,7 +171,11 @@ elsif ($action eq "alter") {
     detaint_natural($series_id) || ThrowCodeError("invalid_series_id");
     assertCanEdit($series_id);
 
-    my $series = new Bugzilla::Series($cgi);
+    # We cannot use the $series object below, as its name may have changed.
+    my $series = new Bugzilla::Series($series_id);
+    my $token = $cgi->param('token');
+    check_hash_token($token, [$series->{series_id}, $series->{name}]);
+    $series = new Bugzilla::Series($cgi);
 
     # We need to check if there is _another_ series in the database with
     # our (potentially new) name. So we call existsInDatabase() to see if
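Review bot: In the "alter" hunk the token is bound to `$series->{series_id}` and `$series->{name}` read directly from the hash of the object returned by `new Bugzilla::Series($series_id)`; if that constructor can return undef for an unknown id, the check would run against two undef values instead of failing outright, though `assertCanEdit($series_id)` just above presumably already rejects unknown ids — worth confirming. Binding to the stored name also means a series renamed between page render and submit is rejected as a bad token, which looks intended, but the comment `# We cannot use the $series object below, as its name may have changed.` is ambiguous about which object it means and would read better as `# Bind the token to the stored id and name; the $cgi-built object below may carry a new name.`. The added lines also keep the indirect-object call form; `Bugzilla::Series->new($series_id)` and `Bugzilla::Series->new($cgi)` avoid its parsing ambiguity. The enclosing `elsif ($action eq "alter")` block continues past the end of the hunk.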