author | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:27:00 +0200 |
---|---|---|
committer | Dave Lawrence <dlawrence@mozilla.com> | 2013-10-16 18:27:00 +0200 |
commit | 6f5ed9c78eda6cbe6cf743ddacc82a6f9fccdf15 (patch) | |
tree | 7f42d99d68c2bf7649e3ac8f1474c5bb9ef07761 | |
parent | 60343369b4f0cdcc758e8776839014ffcf8fcfb5 (diff) | |
Bug 906745 - In MySQL, tokens are not case-sensitive, reducing total entropy and allowing easier brute force
r=LpSolit,a=sgreen
-rwxr-xr-x | token.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -69,7 +69,7 @@ if ($token) { # Make sure the token exists in the database. my ($db_token, $tokentype) = $dbh->selectrow_array('SELECT token, tokentype FROM tokens WHERE token = ?', undef, $token); - (defined $db_token && $db_token eq $token && $tokentype) + (defined $db_token && $db_token eq $token) || ThrowUserError("token_does_not_exist"); # Make sure the token is the correct type for the action being taken. |
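Review bot: the `$db_token eq $token` test in the changed condition reads as redundant next to `WHERE token = ?`, and nothing in the hunk says it is the case-sensitive check the bug title is about, so a later cleanup could remove it. Add a one-line comment above the condition noting that the SQL match can be case-insensitive on MySQL and that the Perl `eq` enforces the exact match. Separately, the commit message does not explain why `&& $tokentype` is dropped. With it gone, a row whose tokentype is empty or NULL now passes this existence check, so the type check that follows ("Make sure the token is the correct type for the action being taken") has to cope with an undefined or empty `$tokentype`. That code is not visible in this hunk, so please confirm it rejects such a row rather than comparing against an undefined value.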