summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorByron Jones <bjones@mozilla.com>2013-10-17 15:50:53 +0200
committerByron Jones <bjones@mozilla.com>2013-10-17 15:50:53 +0200
commit2c257b0a104c1bb3483adfb0eacb792c528010e9 (patch)
treec716df84a2993b7f498cd70e47b51f09bd09827e
parent2efee598fb075cf727ac0d6aa5e6f833dc6f24e4 (diff)
downloadbugzilla-2c257b0a104c1bb3483adfb0eacb792c528010e9.tar.gz
bugzilla-2c257b0a104c1bb3483adfb0eacb792c528010e9.tar.xz
Bug 927736: "invalid token" error if someone else changes the CC list while viewing a bug
-rwxr-xr-xprocess_bug.cgi22
1 files changed, 11 insertions, 11 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 259b48bdd..4483c8ebf 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -149,19 +149,19 @@ $timings->time('load_bug');
# Check for a mid-air collision. Currently this only works when updating
# an individual bug.
-if (defined $cgi->param('delta_ts'))
-{
- my $delta_ts_z = datetime_from($cgi->param('delta_ts'));
+my $delta_ts = $cgi->param('delta_ts') || '';
+
+if ($delta_ts) {
+ my $delta_ts_z = datetime_from($delta_ts)
+ or ThrowCodeError('invalid_timestamp', { timestamp => $delta_ts });
+
my $first_delta_tz_z = datetime_from($first_bug->delta_ts);
- if ($first_delta_tz_z ne $delta_ts_z) {
- ($vars->{'operations'}) =
- Bugzilla::Bug::GetBugActivity($first_bug->id, undef,
- scalar $cgi->param('delta_ts'));
- ThrowCodeError('undefined_field', { field => 'longdesclength' })
- if !defined $cgi->param('longdesclength');
+ if ($first_delta_tz_z ne $delta_ts_z) {
+ ($vars->{'operations'}) = Bugzilla::Bug::GetBugActivity($first_bug->id, undef, $delta_ts);
- my $start_at = $cgi->param('longdesclength');
+ my $start_at = $cgi->param('longdesclength')
+ or ThrowCodeError('undefined_field', { field => 'longdesclength' });
# Always sort midair collision comments oldest to newest,
# regardless of the user's personal preference.
@@ -206,7 +206,7 @@ if (defined $cgi->param('delta_ts'))
my $token = $cgi->param('token');
if ($cgi->param('id')) {
- check_hash_token($token, [$first_bug->id, $first_bug->delta_ts]);
+ check_hash_token($token, [$first_bug->id, $delta_ts]);
}
else {
check_token_data($token, 'buglist_mass_change', 'query.cgi');