diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-17 23:06:18 +0200 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-17 23:06:18 +0200 |
| commit | 442b4f92d1b97c0742c2ab879021094f39c01331 (patch) | |
| tree | a17d072137b0deef5feb13623429f2ece60425f0 | |
| parent | 27d7fc49f8b9fe52cb94fda227ff3a0937d497f3 (diff) | |
| download | bugzilla-442b4f92d1b97c0742c2ab879021094f39c01331.tar.gz bugzilla-442b4f92d1b97c0742c2ab879021094f39c01331.tar.xz | |
Bug 912661 - backport upstream bug 911593 to bmo/4.2 for csrf security fix in process_bug.cgi
r=glob
| -rwxr-xr-x | process_bug.cgi | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index 4483c8ebf..bae7e84d1 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -167,9 +167,6 @@ if ($delta_ts) { # regardless of the user's personal preference. my $comments = $first_bug->comments({ order => "oldest_to_newest" }); - # The token contains the old delta_ts. We need a new one. - $cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts])); - # Show midair if previous changes made other than CC # and/or one or more comments were made my $do_midair = scalar @$comments > $start_at ? 1 : 0; @@ -191,6 +188,8 @@ if ($delta_ts) { $vars->{'start_at'} = $start_at; $vars->{'comments'} = $comments; $vars->{'bug'} = $first_bug; + # The token contains the old delta_ts. We need a new one. + $cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts])); # Warn the user about the mid-air collision and ask them what to do. $template->process("bug/process/midair.html.tmpl", $vars) |