diff options
author | Byron Jones <bjones@mozilla.com> | 2013-10-17 15:50:53 +0200 |
---|---|---|
committer | Byron Jones <bjones@mozilla.com> | 2013-10-17 15:50:53 +0200 |
commit | 2c257b0a104c1bb3483adfb0eacb792c528010e9 (patch) | |
tree | c716df84a2993b7f498cd70e47b51f09bd09827e | |
parent | 2efee598fb075cf727ac0d6aa5e6f833dc6f24e4 (diff) | |
download | bugzilla-2c257b0a104c1bb3483adfb0eacb792c528010e9.tar.gz bugzilla-2c257b0a104c1bb3483adfb0eacb792c528010e9.tar.xz |
Bug 927736: "invalid token" error if someone else changes the CC list while viewing a bug
-rwxr-xr-x | process_bug.cgi | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index 259b48bdd..4483c8ebf 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -149,19 +149,19 @@ $timings->time('load_bug'); # Check for a mid-air collision. Currently this only works when updating # an individual bug. -if (defined $cgi->param('delta_ts')) -{ - my $delta_ts_z = datetime_from($cgi->param('delta_ts')); +my $delta_ts = $cgi->param('delta_ts') || ''; + +if ($delta_ts) { + my $delta_ts_z = datetime_from($delta_ts) + or ThrowCodeError('invalid_timestamp', { timestamp => $delta_ts }); + my $first_delta_tz_z = datetime_from($first_bug->delta_ts); - if ($first_delta_tz_z ne $delta_ts_z) { - ($vars->{'operations'}) = - Bugzilla::Bug::GetBugActivity($first_bug->id, undef, - scalar $cgi->param('delta_ts')); - ThrowCodeError('undefined_field', { field => 'longdesclength' }) - if !defined $cgi->param('longdesclength'); + if ($first_delta_tz_z ne $delta_ts_z) { + ($vars->{'operations'}) = Bugzilla::Bug::GetBugActivity($first_bug->id, undef, $delta_ts); - my $start_at = $cgi->param('longdesclength'); + my $start_at = $cgi->param('longdesclength') + or ThrowCodeError('undefined_field', { field => 'longdesclength' }); # Always sort midair collision comments oldest to newest, # regardless of the user's personal preference. @@ -206,7 +206,7 @@ if (defined $cgi->param('delta_ts')) my $token = $cgi->param('token'); if ($cgi->param('id')) { - check_hash_token($token, [$first_bug->id, $first_bug->delta_ts]); + check_hash_token($token, [$first_bug->id, $delta_ts]); } else { check_token_data($token, 'buglist_mass_change', 'query.cgi'); |