diff options
| author | Dylan William Hardison <dylan@mozilla.com> | 2016-05-03 15:59:02 +0200 |
|---|---|---|
| committer | David Lawrence <dkl@mozilla.com> | 2016-05-03 15:59:02 +0200 |
| commit | 64df9b75f1691629a6b7ad234d513d905dba2b2a (patch) | |
| tree | 0c93e4cadf6fe881f89fffa137db6de783f827f7 | |
| parent | c3b2af3a094fe881a8cd2ab2a01c694ea622e95b (diff) | |
| download | bugzilla-64df9b75f1691629a6b7ad234d513d905dba2b2a.tar.gz bugzilla-64df9b75f1691629a6b7ad234d513d905dba2b2a.tar.xz | |
Bug 1268989 - Inefficient check of "Bugzilla_api_token" might lead to CSRF/data disclosure vulnerability in Bugzilla's REST API
r=dkl
| -rw-r--r-- | Bugzilla/Auth/Login/Cookie.pm | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm index b67fb73db..d8bf2f08f 100644 --- a/Bugzilla/Auth/Login/Cookie.pm +++ b/Bugzilla/Auth/Login/Cookie.pm @@ -55,15 +55,7 @@ sub get_login_info { # If the call is for a web service, and an api token is provided, check # it is valid. if (i_am_webservice()) { - if ($login_cookie - && Bugzilla->usage_mode == USAGE_MODE_REST - && !exists Bugzilla->input_params->{Bugzilla_api_token}) - { - # REST requires an api-token when using cookie authentication - # fall back to a non-authenticated request - $login_cookie = ''; - - } elsif (Bugzilla->input_params->{Bugzilla_api_token}) { + if (exists Bugzilla->input_params->{Bugzilla_api_token}) { my $api_token = Bugzilla->input_params->{Bugzilla_api_token}; my ($token_user_id, undef, undef, $token_type) = Bugzilla::Token::GetTokenData($api_token); @@ -74,6 +66,11 @@ sub get_login_info { ThrowUserError('auth_invalid_token', { token => $api_token }); } } + elsif ($login_cookie && Bugzilla->usage_mode == USAGE_MODE_REST) { + # REST requires an api-token when using cookie authentication + # fall back to a non-authenticated request + $login_cookie = ''; + } } } |