authormkanat%kerio.com <>2005-05-12 10:52:13 +0200
committermkanat%kerio.com <>2005-05-12 10:52:13 +0200
commit8f2bc1b07ce4150a878e80f5bce09e819cbfd414 (patch)
tree20f43dfce988ecfa01d14bbc4b9139ecc79f35cd
parente21b1306af07a0065ef4f8ab9d3b657a03a463be (diff)
downloadbugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.gz
bugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.xz
Bug 287436: [SECURITY] After having logged in, links to change the report type contain username and password
Patch By Marc Schumann <wurblzap@gmail.com> r=gerv, a=justdave
-rw-r--r--Bugzilla/Auth/Login/WWW/CGI.pm2
-rwxr-xr-xchart.cgi3
-rwxr-xr-xuserprefs.cgi11
3 files changed, 12 insertions, 4 deletions
diff --git a/Bugzilla/Auth/Login/WWW/CGI.pm b/Bugzilla/Auth/Login/WWW/CGI.pm
index d99cd3b80..98fd3a6d3 100644
--- a/Bugzilla/Auth/Login/WWW/CGI.pm
+++ b/Bugzilla/Auth/Login/WWW/CGI.pm
@@ -50,6 +50,8 @@ sub login {
# First, try the actual login method against form variables
my $username = $cgi->param("Bugzilla_login");
my $passwd = $cgi->param("Bugzilla_password");
+
+ $cgi->delete('Bugzilla_login', 'Bugzilla_password');
my $authmethod = Param("user_verify_class");
my ($authres, $userid, $extra, $info) =
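Review bot: The single call `$cgi->delete('Bugzilla_login', 'Bugzilla_password')` on line 28 relies on `delete()` accepting a list of names; older CGI.pm releases honoured only the first name, which would silently leave `Bugzilla_password` in the parameter set, the one value this fix exists to strip. Unless the minimum CGI.pm version Bugzilla requires is known to take a list, split it into two calls: `$cgi->delete('Bugzilla_login'); $cgi->delete('Bugzilla_password');`. A short comment above the call would also help the next maintainer understand why the values are copied into lexicals first: `# Strip the credentials from the CGI object so they cannot be copied into generated URLs; the lexicals above keep them for this login attempt only`. Note that this only prevents the credentials from being re-emitted in links; if a login form submits by GET they are already in access logs and Referer headers, which is outside this hunk. The `login` sub continues past the end of the hunk.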
diff --git a/chart.cgi b/chart.cgi
index 321c867fe..bc25d52e9 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -286,8 +286,7 @@ sub wrap {
$vars->{'time'} = time();
$vars->{'imagebase'} = $cgi->canonicalise_query(
- "action", "action-wrap", "ctype", "format", "width", "height",
- "Bugzilla_login", "Bugzilla_password");
+ "action", "action-wrap", "ctype", "format", "width", "height");
print $cgi->header();
$template->process("reports/chart.html.tmpl", $vars)
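Review bot: Dropping `Bugzilla_login` and `Bugzilla_password` from the `canonicalise_query` exclusion list makes this URL safe only if `Bugzilla->login` has already run through the CGI login class that deletes those parameters; any path that reaches `wrap` through a different login class, or before login, would once again copy the credentials into `imagebase`, which is embedded in the rendered page. Keeping the explicit exclusion is free and defends in depth: `"action", "action-wrap", "ctype", "format", "width", "height",` followed by `"Bugzilla_login", "Bugzilla_password");`. At minimum add a comment such as `# Credentials are removed from the CGI object during login; keep them out of this URL regardless` so the dependency is recorded. The `wrap` sub starts before this hunk.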
diff --git a/userprefs.cgi b/userprefs.cgi
index 9c2135eb3..1cf15868b 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -388,12 +388,19 @@ sub SaveSavedSearches() {
# Live code (not subroutine definitions) starts here
###############################################################################
+my $cgi = Bugzilla->cgi;
+
+# This script needs direct access to the username and password CGI variables,
+# so we save them before their removal in Bugzilla->login
+my $bugzilla_login = $cgi->param('Bugzilla_login');
+my $bugzilla_password = $cgi->param('Bugzilla_password');
+
Bugzilla->login(LOGIN_REQUIRED);
+$cgi->param('Bugzilla_login', $bugzilla_login);
+$cgi->param('Bugzilla_password', $bugzilla_password);
GetVersionTable();
-my $cgi = Bugzilla->cgi;
-
$vars->{'changes_saved'} = $cgi->param('dosave');
my $current_tab_name = $cgi->param('tab') || "account";