author | Dylan William Hardison <dylan@hardison.net> | 2017-12-21 04:14:08 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-21 04:14:08 +0100 |
commit | 602af2ba4d6b98379a85bfa429132dbccf5851ea (patch) | |
tree | e931604c0c567376d75be97f253f4f673afa31ba | |
parent | 484182135092c4c01a8db6f5c44e1afa89b540d7 (diff) | |
Bug 1424408 - "Sign in with GitHub" button triggers a bugzilla security error, if I'm viewing a page with e.g. "t=" in the URL
-rwxr-xr-x | github.cgi | 2 | ||||
-rw-r--r-- | qa/t/test_custom_fields.t | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/github.cgi b/github.cgi
index acb02d466..b8467e1e0 100755
--- a/github.cgi
+++ b/github.cgi
@@ -44,7 +44,7 @@ if (lc($cgi->request_method) eq 'post') {
 unless $target_uri =~ /^\Q$urlbase\E/;
 ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
- if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+ if $cgi->referer && $cgi->referer =~ /(?:reset_password\.cgi|token\.cgi|\bt=|token=|api_key=)/;
 if ($user->id) {
 print $cgi->redirect($target_uri);
diff --git a/qa/t/test_custom_fields.t b/qa/t/test_custom_fields.t
index 70ffe876a..bd2074585 100644
--- a/qa/t/test_custom_fields.t
+++ b/qa/t/test_custom_fields.t
@@ -56,7 +56,7 @@ $sel->type_ok("sortkey", $bug1_id);
 $sel->click_ok("enter_bug");
 $sel->value_is("enter_bug", "on");
 $sel->click_ok("new_bugmail");
-sleep 5;
+sleep 10;
 $sel->value_is("new_bugmail", "on");
 $sel->value_is("obsolete", "off");
 $sel->click_ok("create"); |
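Review bot: In the github.cgi hunk the insecure-referer guard is skipped whenever the request carries no Referer header (`$cgi->referer` is false), and in the lines visible here `$target_uri` is only checked against `$urlbase`, so a target URI that itself carries `t=`, `token=` or `api_key=` would presumably pass when the browser withholds the Referer. Consider screening both values with one pattern, e.g. `my $secret_re = qr/(?:reset_password\.cgi|token\.cgi|\bt=|token=|api_key=)/;` followed by `if grep { defined $_ && $_ =~ $secret_re } $cgi->referer, $target_uri;`. The new `\b` narrows only `t=`; `token=` and `api_key=` still match as substrings, which errs toward blocking, and a one-line comment stating that this is a denylist of credential-bearing URL parameters would tell the next editor why the anchoring differs. The enclosing `if (lc($cgi->request_method) eq 'post')` block starts and ends outside the hunk, so `$target_uri` may already be screened elsewhere.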