author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-22 18:15:42 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-22 18:15:42 +0100 |
commit | 721dfc64e95140c48726738770cd22b71ac36702 (patch) | |
tree | c08aa9dc3fb9e1da20439b81dcb739055757db50 | |
parent | 66a3af3269c5e58ed6e27173e7f0331ee581cadf (diff) | |
Bug 621109: Column changing lacks CSRF protection
r=dkl a=mkanat
-rwxr-xr-x | colchange.cgi | 19 | ||||
-rw-r--r-- | template/en/default/list/change-columns.html.tmpl | 5 |
2 files changed, 19 insertions, 5 deletions
diff --git a/colchange.cgi b/colchange.cgi
index 0bd3af481..844f7615c 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -33,6 +33,7 @@ use Bugzilla::CGI;
 use Bugzilla::Search::Saved;
 use Bugzilla::Error;
 use Bugzilla::User;
+use Bugzilla::Token;
 use Storable qw(dclone);
@@ -86,6 +87,19 @@ $vars->{'columns'} = $columns;
 my @collist;
 if (defined $cgi->param('rememberedquery')) {
+    my $search;
+    if (defined $cgi->param('saved_search')) {
+        $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
+    }
+
+    my $token = $cgi->param('token');
+    if ($search) {
+        check_hash_token($token, [$search->id, $search->name]);
+    }
+    else {
+        check_hash_token($token, ['default-list']);
+    }
+
     my $splitheader = 0;
     if (defined $cgi->param('resetit')) {
         @collist = DEFAULT_COLUMN_LIST;
@@ -123,11 +137,6 @@ if (defined $cgi->param('rememberedquery')) {
     $vars->{'message'} = "change_columns";
-    my $search;
-    if (defined $cgi->param('saved_search')) {
-        $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
-    }
-
     if ($cgi->param('save_columns_for_search') && defined $search && $search->user->id == Bugzilla->user->id) {
diff --git a/template/en/default/list/change-columns.html.tmpl b/template/en/default/list/change-columns.html.tmpl
index 77deb503c..b13055c38 100644
--- a/template/en/default/list/change-columns.html.tmpl
+++ b/template/en/default/list/change-columns.html.tmpl
@@ -121,11 +121,16 @@
     <p>
       <input type="hidden" name="saved_search" value="[% saved_search.id FILTER html%]" >
+      <input type="hidden" name="token"
+             value="[% issue_hash_token([saved_search.id, saved_search.name]) FILTER html %]">
       <input type="checkbox" id="save_columns_for_search" checked="checked" name="save_columns_for_search" value="1">
       <label for="save_columns_for_search">Save this column list only for search '[% saved_search.name FILTER html %]'</label>
     </p>
+  [% ELSE %]
+    <input type="hidden" name="token"
+           value="[% issue_hash_token(['default-list']) FILTER html %]">
   [% END %]
   <p>
|
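Review bot: The new token check in the rememberedquery branch binds the token to `$search->id` and `$search->name` but not to who owns the search; the ownership test `$search->user->id == Bugzilla->user->id` only runs later, when save_columns_for_search is set, and even then a non-owned search just falls through to the default-list path. That is presumably fine because issue_hash_token/check_hash_token appear to also tie the token to the logged-in user — worth confirming in Bugzilla::Token, since if they do not, a token obtained from someone else's saved-search page would validate here. The moved constructor call still uses indirect object syntax; `$search = Bugzilla::Search::Saved->new($cgi->param('saved_search'));` is the unambiguous form. A one-line why-comment above `my $token` would help the next reader: `# Column lists are stored per user (or per saved search); require a hash token so a crafted link cannot change them (bug 621109).` The enclosing `if (defined $cgi->param('rememberedquery'))` block continues past the hunk.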
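Review bot: Hashing `saved_search.name` into the token means a search renamed between page load and submit fails check_hash_token (presumably with a generic token error), while `saved_search.id` alone already identifies the search and is stable; dropping the name from both `issue_hash_token([saved_search.id, saved_search.name])` here and the matching check_hash_token call in colchange.cgi would avoid that spurious failure without weakening the binding. The `[% ELSE %]` branch emits the hidden token input on its own, outside any `<p>`, whereas the saved-search branch places it inside the existing paragraph — harmless for a hidden field, but inconsistent. The enclosing `[% IF %]` opens before this hunk, so the branch structure cannot be fully checked from here.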