author | mkanat%kerio.com <> | 2005-05-12 10:52:13 +0200 |
---|---|---|
committer | mkanat%kerio.com <> | 2005-05-12 10:52:13 +0200 |
commit | 8f2bc1b07ce4150a878e80f5bce09e819cbfd414 (patch) | |
tree | 20f43dfce988ecfa01d14bbc4b9139ecc79f35cd | |
parent | e21b1306af07a0065ef4f8ab9d3b657a03a463be (diff) | |
download | bugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.gz bugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.xz |
Bug 287436: [SECURITY] After having logged in, links to change the report type contain username and password
Patch By Marc Schumann <wurblzap@gmail.com> r=gerv, a=justdave
-rw-r--r-- | Bugzilla/Auth/Login/WWW/CGI.pm | 2 | ||||
-rwxr-xr-x | chart.cgi | 3 | ||||
-rwxr-xr-x | userprefs.cgi | 11 |
3 files changed, 12 insertions, 4 deletions
diff --git a/Bugzilla/Auth/Login/WWW/CGI.pm b/Bugzilla/Auth/Login/WWW/CGI.pm
index d99cd3b80..98fd3a6d3 100644
--- a/Bugzilla/Auth/Login/WWW/CGI.pm
+++ b/Bugzilla/Auth/Login/WWW/CGI.pm
@@ -50,6 +50,8 @@ sub login {
 # First, try the actual login method against form variables
 my $username = $cgi->param("Bugzilla_login");
 my $passwd = $cgi->param("Bugzilla_password");
+
+ $cgi->delete('Bugzilla_login', 'Bugzilla_password');
 my $authmethod = Param("user_verify_class");
 my ($authres, $userid, $extra, $info) =
@@ -286,8 +286,7 @@ sub wrap {
 $vars->{'time'} = time();
 $vars->{'imagebase'} = $cgi->canonicalise_query(
- "action", "action-wrap", "ctype", "format", "width", "height",
- "Bugzilla_login", "Bugzilla_password");
+ "action", "action-wrap", "ctype", "format", "width", "height");
 print $cgi->header();
 $template->process("reports/chart.html.tmpl", $vars)
diff --git a/userprefs.cgi b/userprefs.cgi
index 9c2135eb3..1cf15868b 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -388,12 +388,19 @@ sub SaveSavedSearches() {
 # Live code (not subroutine definitions) starts here
 ###############################################################################
+my $cgi = Bugzilla->cgi;
+
+# This script needs direct access to the username and password CGI variables,
+# so we save them before their removal in Bugzilla->login
+my $bugzilla_login = $cgi->param('Bugzilla_login');
+my $bugzilla_password = $cgi->param('Bugzilla_password');
+
 Bugzilla->login(LOGIN_REQUIRED);
+$cgi->param('Bugzilla_login', $bugzilla_login);
+$cgi->param('Bugzilla_password', $bugzilla_password);
 GetVersionTable();
-my $cgi = Bugzilla->cgi;
-
 $vars->{'changes_saved'} = $cgi->param('dosave');
 my $current_tab_name = $cgi->param('tab') || "account";
|
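Review bot: The added `$cgi->delete('Bugzilla_login', 'Bugzilla_password');` carries no comment saying why it is there, and its purpose is security-relevant enough that a later maintainer must not be able to drop it as an apparent no-op; suggest `# Drop the credentials from the CGI object once read, so nothing later (self_url, canonicalise_query, templates echoing the query) can embed them in a link.` directly above it. The delete only affects the CGI object's parameter store; any code that builds URLs from the raw request environment rather than from `$cgi` would presumably still see the credentials, which is worth a grep across the CGI scripts. Scripts that genuinely need the values must capture them before `Bugzilla->login` runs, as userprefs.cgi does in this same commit, and that ordering dependency belongs in the comment too. The enclosing `sub login` continues outside the hunk.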
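Review bot: Dropping `"Bugzilla_login", "Bugzilla_password"` from the `canonicalise_query` exclusion list makes the safety of `imagebase` depend entirely on the login path having already deleted those params from this same `$cgi` object; keeping the two names in the list costs nothing and keeps the link clean even if `wrap` is reached through a code path that did not go through `Bugzilla::Auth::Login::WWW::CGI::login`. Suggest retaining them as a second layer: `"action", "action-wrap", "ctype", "format", "width", "height",` followed by `"Bugzilla_login", "Bugzilla_password");`. This hunk is attributed to chart.cgi by the diffstat and function context, but its `diff --git` header is not on the page, and `sub wrap` both starts and ends outside the hunk.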
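Review bot: Writing `$bugzilla_login` and `$bugzilla_password` back into `$cgi` right after `Bugzilla->login(LOGIN_REQUIRED)` re-injects the credentials into the CGI object for the remainder of this script, so any later `self_url`/`canonicalise_query` call or template that echoes the query string in userprefs.cgi would still embed them — exactly the exposure the CGI.pm hunk removes. Prefer passing the two lexicals to the code that needs them (which lies outside this hunk) and not restoring them at all, or at minimum deleting them from `$cgi` again as soon as that code has consumed them. If the restore stays, guard it so a cookie-only login does not store a value under each key: `$cgi->param('Bugzilla_login', $bugzilla_login) if defined $bugzilla_login;` and likewise for the password (whether CGI.pm stores an undef value or treats it as a no-op is not visible on the page). The comment above the save should also state that the values are deliberately removed from `$cgi` during login for security, rather than only noting "their removal in Bugzilla->login".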