authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
-rw-r--r--Bugzilla/Token.pm57
-rwxr-xr-xattachment.cgi4
-rwxr-xr-xeditclassifications.cgi18
-rwxr-xr-xeditcomponents.cgi20
-rw-r--r--editfields.cgi15
-rwxr-xr-xeditflagtypes.cgi38
-rwxr-xr-xeditgroups.cgi14
-rwxr-xr-xeditkeywords.cgi21
-rwxr-xr-xeditmilestones.cgi18
-rwxr-xr-xeditparams.cgi6
-rwxr-xr-xeditproducts.cgi26
-rwxr-xr-xeditsettings.cgi5
-rwxr-xr-xeditusers.cgi19
-rwxr-xr-xeditvalues.cgi12
-rwxr-xr-xeditversions.cgi15
-rwxr-xr-xeditwhines.cgi7
-rwxr-xr-xenter_bug.cgi2
-rwxr-xr-xrelogin.cgi4
-rw-r--r--skins/standard/global.css8
-rw-r--r--template/en/default/admin/classifications/add.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/del.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/edit.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/reclassify.html.tmpl1
-rw-r--r--template/en/default/admin/components/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/components/create.html.tmpl2
-rw-r--r--template/en/default/admin/components/edit.html.tmpl1
-rw-r--r--template/en/default/admin/confirm-action.html.tmpl97
-rw-r--r--template/en/default/admin/custom_fields/create.html.tmpl1
-rw-r--r--template/en/default/admin/custom_fields/edit.html.tmpl1
-rw-r--r--template/en/default/admin/fieldvalues/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/fieldvalues/create.html.tmpl2
-rw-r--r--template/en/default/admin/fieldvalues/edit.html.tmpl2
-rw-r--r--template/en/default/admin/flag-type/confirm-delete.html.tmpl16
-rw-r--r--template/en/default/admin/flag-type/edit.html.tmpl1
-rw-r--r--template/en/default/admin/flag-type/list.html.tmpl23
-rw-r--r--template/en/default/admin/groups/create.html.tmpl1
-rw-r--r--template/en/default/admin/groups/delete.html.tmpl1
-rw-r--r--template/en/default/admin/groups/edit.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/confirm-delete.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/create.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/edit.html.tmpl1
-rw-r--r--template/en/default/admin/milestones/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/milestones/create.html.tmpl2
-rw-r--r--template/en/default/admin/milestones/edit.html.tmpl2
-rw-r--r--template/en/default/admin/params/editparams.html.tmpl1
-rw-r--r--template/en/default/admin/products/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/products/create.html.tmpl1
-rw-r--r--template/en/default/admin/products/edit.html.tmpl1
-rw-r--r--template/en/default/admin/products/groupcontrol/edit.html.tmpl1
-rw-r--r--template/en/default/admin/settings/edit.html.tmpl1
-rw-r--r--template/en/default/admin/users/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/users/create.html.tmpl1
-rw-r--r--template/en/default/admin/users/edit.html.tmpl1
-rw-r--r--template/en/default/admin/versions/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/versions/create.html.tmpl2
-rw-r--r--template/en/default/admin/versions/edit.html.tmpl2
-rw-r--r--template/en/default/filterexceptions.pl1
-rw-r--r--template/en/default/whine/schedule.html.tmpl1
-rwxr-xr-xtoken.cgi2
59 files changed, 403 insertions, 87 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index f00e65280..a0f6b0c8e 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -18,6 +18,7 @@
# Rights Reserved.
#
# Contributor(s): Myk Melez <myk@mozilla.org>
+# Frédéric Buclin <LpSolit@gmail.com>
################################################################################
# Module Initialization
@@ -36,6 +37,11 @@ use Bugzilla::Util;
use Date::Format;
use Date::Parse;
+use File::Basename;
+
+use base qw(Exporter);
+
+@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token);
################################################################################
# Public Functions
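Review bot: The export list on the `@Bugzilla::Token::EXPORT = ...` line is written as a fully qualified package variable, which works under `use strict` but hides the declaration from readers and from perlcritic; the conventional form is `our @EXPORT = qw(issue_session_token check_token_data delete_token);`. Exporting all three by default means every script that says `use Bugzilla::Token;` receives them whether it uses them or not; `@EXPORT_OK` with an explicit import list at each CGI would make each script's dependency on the token API visible. File::Basename appears to be pulled in only for `basename($0)` in check_token_data, so `use File::Basename qw(basename);` documents that.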
@@ -156,7 +162,7 @@ sub IssuePasswordToken {
MessageToMTA($message);
}
-sub IssueSessionToken {
+sub issue_session_token {
# Generates a random token, adds it to the tokens table, and returns
# the token to the caller.
@@ -243,7 +249,7 @@ sub Cancel {
MessageToMTA($message);
# Delete the token from the database.
- DeleteToken($token);
+ delete_token($token);
}
sub DeletePasswordTokens {
@@ -279,6 +285,7 @@ sub GetTokenData {
my $dbh = Bugzilla->dbh;
return unless defined $token;
+ $token = clean_text($token);
trick_taint($token);
return $dbh->selectrow_array(
@@ -288,7 +295,7 @@ sub GetTokenData {
}
# Deletes specified token
-sub DeleteToken {
+sub delete_token {
my ($token) = @_;
my $dbh = Bugzilla->dbh;
@@ -300,6 +307,50 @@ sub DeleteToken {
$dbh->bz_unlock_tables();
}
+# Given a token, makes sure it comes from the currently logged in user
+# and match the expected event. Returns 1 on success, else displays a warning.
+# Note: this routine must not be called while tables are locked as it will try
+# to lock some tables itself, see CleanTokenTable().
+sub check_token_data {
+ my ($token, $expected_action) = @_;
+ my $user = Bugzilla->user;
+ my $template = Bugzilla->template;
+ my $cgi = Bugzilla->cgi;
+
+ my ($creator_id, $date, $token_action) = GetTokenData($token);
+ unless ($creator_id
+ && $creator_id == $user->id
+ && $token_action eq $expected_action)
+ {
+ # Something is going wrong. Ask confirmation before processing.
+ # It is possible that someone tried to trick an administrator.
+ # In this case, we want to know his name!
+ require Bugzilla::User;
+
+ my $vars = {};
+ $vars->{'abuser'} = Bugzilla::User->new($creator_id)->identity;
+ $vars->{'token_action'} = $token_action;
+ $vars->{'expected_action'} = $expected_action;
+ $vars->{'script_name'} = basename($0);
+
+ # Now is a good time to remove old tokens from the DB.
+ CleanTokenTable();
+
+ # If no token was found, create a valid token for the given action.
+ unless ($creator_id) {
+ $token = issue_session_token($expected_action);
+ $cgi->param('token', $token);
+ }
+
+ print $cgi->header();
+
+ $template->process('admin/confirm-action.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+ exit;
+ }
+ return 1;
+}
+
################################################################################
# Internal Functions
################################################################################
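Review bot: `$date` is unpacked from `GetTokenData($token)` but never examined, so a session token is accepted for as long as it survives `CleanTokenTable()`, which this function runs only on the mismatch path; either compare `$date` against a maximum age here or state in the header comment that expiry is delegated entirely to CleanTokenTable, so the token lifetime is explicit. The comment says the function "displays a warning" on failure, but it prints the confirm page and calls `exit`, never returning to the caller, and every caller in this commit relies on that: `# On mismatch, renders admin/confirm-action.html.tmpl and exits; it only returns (1) when the token is valid.` On the no-token path `$creator_id` is undef and `Bugzilla::User->new($creator_id)->identity` is still evaluated; presumably `new` tolerates an undef id and yields an empty identity, but that is worth confirming or guarding with `$creator_id ? Bugzilla::User->new($creator_id)->identity : ''`.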
diff --git a/attachment.cgi b/attachment.cgi
index 431db444e..2b35b5e2c 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -825,7 +825,7 @@ sub delete_attachment {
}
# Now delete the token.
- Bugzilla::Token::DeleteToken($token);
+ delete_token($token);
# Paste the reason provided by the admin into a comment.
AppendComment($bug_id, $user->id, $msg);
@@ -835,7 +835,7 @@ sub delete_attachment {
}
else {
# Create a token.
- $token = Bugzilla::Token::IssueSessionToken('attachment' . $attach_id);
+ $token = issue_session_token('attachment' . $attach_id);
$vars->{'a'} = $attachment;
$vars->{'token'} = $token;
diff --git a/editclassifications.cgi b/editclassifications.cgi
index 026f1b3ab..0ebfb97fa 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -28,6 +28,7 @@ use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Classification;
+use Bugzilla::Token;
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
@@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled")
#
my $action = trim($cgi->param('action') || '');
my $class_name = trim($cgi->param('classification') || '');
-
+my $token = $cgi->param('token');
+
#
# action='' -> Show nice list of classifications
#
@@ -88,6 +90,7 @@ unless ($action) {
#
if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_classification');
LoadTemplate($action);
}
@@ -96,6 +99,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
+ check_token_data($token, 'add_classification');
$class_name || ThrowUserError("classification_not_specified");
@@ -124,6 +128,7 @@ if ($action eq 'new') {
$vars->{'classification'} = $class_name;
+ delete_token($token);
LoadTemplate($action);
}
@@ -147,6 +152,7 @@ if ($action eq 'del') {
}
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('delete_classification');
LoadTemplate($action);
}
@@ -156,6 +162,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_classification');
my $classification =
Bugzilla::Classification::check_classification($class_name);
@@ -179,6 +186,7 @@ if ($action eq 'delete') {
$vars->{'classification'} = $classification;
+ delete_token($token);
LoadTemplate($action);
}
@@ -194,6 +202,7 @@ if ($action eq 'edit') {
Bugzilla::Classification::check_classification($class_name);
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('edit_classification');
LoadTemplate($action);
}
@@ -203,6 +212,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
+ check_token_data($token, 'edit_classification');
$class_name || ThrowUserError("classification_not_specified");
@@ -254,6 +264,7 @@ if ($action eq 'update') {
$dbh->bz_unlock_tables();
+ delete_token($token);
LoadTemplate($action);
}
@@ -270,25 +281,30 @@ if ($action eq 'reclassify') {
WHERE name = ?");
if (defined $cgi->param('add_products')) {
+ check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('prodlist')) {
foreach my $prod ($cgi->param("prodlist")) {
trick_taint($prod);
$sth->execute($classification->id, $prod);
}
}
+ delete_token($token);
} elsif (defined $cgi->param('remove_products')) {
+ check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('myprodlist')) {
foreach my $prod ($cgi->param("myprodlist")) {
trick_taint($prod);
$sth->execute(1,$prod);
}
}
+ delete_token($token);
}
my @classifications =
Bugzilla::Classification::get_all_classifications;
$vars->{'classifications'} = \@classifications;
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('reclassify_classifications');
LoadTemplate($action);
}
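Review bot: The `check_token_data`/`delete_token` pair is duplicated in the `add_products` and `remove_products` branches, so a future branch can silently miss one half. Hoisting the check above the `if` and the delete below it, guarded by `if (defined $cgi->param('add_products') || defined $cgi->param('remove_products'))`, keeps the mutating paths covered in one place while the plain display of the reclassify page still issues its token without a check. The enclosing `reclassify` block starts in an earlier hunk.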
diff --git a/editcomponents.cgi b/editcomponents.cgi
index cc81cece7..2ff41d628 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -39,6 +39,7 @@ use Bugzilla::User;
use Bugzilla::Product;
use Bugzilla::Component;
use Bugzilla::Bug;
+use Bugzilla::Token;
###############
# Subroutines #
@@ -86,6 +87,7 @@ my $product_name = trim($cgi->param('product') || '');
my $comp_name = trim($cgi->param('component') || '');
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of products
@@ -130,7 +132,7 @@ unless ($action) {
#
if ($action eq 'add') {
-
+ $vars->{'token'} = issue_session_token('add_component');
$vars->{'product'} = $product;
$template->process("admin/components/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -145,7 +147,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_component');
# Do the user matching
Bugzilla::User::match_field ($cgi, {
'initialowner' => { 'type' => 'single' },
@@ -244,6 +246,8 @@ if ($action eq 'new') {
$vars->{'comp'} = $component;
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/created.html.tmpl",
$vars)
|| ThrowTemplateError($template->error());
@@ -260,7 +264,7 @@ if ($action eq 'new') {
#
if ($action eq 'del') {
-
+ $vars->{'token'} = issue_session_token('delete_component');
$vars->{'comp'} =
Bugzilla::Component::check_component($product, $comp_name);
@@ -279,7 +283,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
-
+ check_token_data($token, 'delete_component');
my $component =
Bugzilla::Component::check_component($product, $comp_name);
@@ -313,6 +317,8 @@ if ($action eq 'delete') {
$vars->{'comp'} = $component;
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -327,7 +333,7 @@ if ($action eq 'delete') {
#
if ($action eq 'edit') {
-
+ $vars->{'token'} = issue_session_token('edit_component');
my $component =
Bugzilla::Component::check_component($product, $comp_name);
$vars->{'comp'} = $component;
@@ -351,7 +357,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_component');
# Do the user matching
Bugzilla::User::match_field ($cgi, {
'initialowner' => { 'type' => 'single' },
@@ -459,6 +465,8 @@ if ($action eq 'update') {
$vars->{'initial_cc_names'} =
join(', ', map($_->login, @{$component->initial_cc}));
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/updated.html.tmpl",
$vars)
|| ThrowTemplateError($template->error());
diff --git a/editfields.cgi b/editfields.cgi
index 67b72e98d..a77aafe77 100644
--- a/editfields.cgi
+++ b/editfields.cgi
@@ -23,6 +23,7 @@ use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Util;
use Bugzilla::Field;
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $template = Bugzilla->template;
@@ -36,6 +37,7 @@ $user->in_group('admin')
object => 'custom_fields'});
my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
print $cgi->header();
@@ -46,10 +48,13 @@ if (!$action) {
}
# Interface to add a new custom field.
elsif ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_field');
+
$template->process('admin/custom_fields/create.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
}
elsif ($action eq 'new') {
+ check_token_data($token, 'add_field');
my $name = clean_text($cgi->param('name') || '');
my $desc = clean_text($cgi->param('desc') || '');
my $type = trim($cgi->param('type') || FIELD_TYPE_FREETEXT);
@@ -93,6 +98,7 @@ elsif ($action eq 'new') {
$vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0;
Bugzilla::Field::create_or_update($vars);
+ delete_token($token);
$vars->{'message'} = 'custom_field_created';
@@ -109,11 +115,13 @@ elsif ($action eq 'edit') {
$field || ThrowUserError('customfield_nonexistent', {'name' => $name});
$vars->{'field'} = $field;
+ $vars->{'token'} = issue_session_token('edit_field');
$template->process('admin/custom_fields/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
}
elsif ($action eq 'update') {
+ check_token_data($token, 'edit_field');
my $name = $cgi->param('name');
my $desc = clean_text($cgi->param('desc') || '');
my $sortkey = $cgi->param('sortkey') || 0;
@@ -144,18 +152,13 @@ elsif ($action eq 'update') {
$vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0;
Bugzilla::Field::create_or_update($vars);
+ delete_token($token);
$vars->{'message'} = 'custom_field_updated';
$template->process('admin/custom_fields/list.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
}
-elsif ($action eq 'del') {
- die "not yet implemented...\n";
-}
-elsif ($action eq 'delete') {
- die "not yet implemented...\n";
-}
else {
ThrowUserError('no_valid_action', {'field' => 'custom_field'});
}
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index 2c03c4f1f..6e001a525 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -41,6 +41,7 @@ use Bugzilla::Product;
use Bugzilla::Component;
use Bugzilla::Bug;
use Bugzilla::Attachment;
+use Bugzilla::Token;
local our $cgi = Bugzilla->cgi;
local our $template = Bugzilla->template;
@@ -63,11 +64,12 @@ $user->in_group('editcomponents')
# Determine whether to use the action specified by the user or the default.
my $action = $cgi->param('action') || 'list';
+my $token = $cgi->param('token');
my @categoryActions;
if (@categoryActions = grep(/^categoryAction-.+/, $cgi->param())) {
$categoryActions[0] =~ s/^categoryAction-//;
- processCategoryChange($categoryActions[0]);
+ processCategoryChange($categoryActions[0], $token);
exit;
}
@@ -75,11 +77,11 @@ if ($action eq 'list') { list(); }
elsif ($action eq 'enter') { edit($action); }
elsif ($action eq 'copy') { edit($action); }
elsif ($action eq 'edit') { edit($action); }
-elsif ($action eq 'insert') { insert(); }
-elsif ($action eq 'update') { update(); }
+elsif ($action eq 'insert') { insert($token); }
+elsif ($action eq 'update') { update($token); }
elsif ($action eq 'confirmdelete') { confirmDelete(); }
-elsif ($action eq 'delete') { deleteType(); }
-elsif ($action eq 'deactivate') { deactivate(); }
+elsif ($action eq 'delete') { deleteType(undef, $token); }
+elsif ($action eq 'deactivate') { deactivate($token); }
else {
ThrowCodeError("action_unrecognized", { action => $action });
}
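Review bot: `deleteType(undef, $token)` relies on a positional `undef` so that `my $flag_type = shift || validateID();` inside deleteType falls through to validateID(), which couples the dispatch table to deleteType's argument-parsing trick; `deleteType(validateID(), $token)` says what happens, and a later hunk shows validateID() is what deleteType would call anyway. The other new calls (`insert($token)`, `update($token)`, `deactivate($token)`) are fine as single positional arguments.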
@@ -167,9 +169,11 @@ sub edit {
$vars->{'last_action'} = $cgi->param('action');
if ($cgi->param('action') eq 'enter' || $cgi->param('action') eq 'copy') {
$vars->{'action'} = "insert";
+ $vars->{'token'} = issue_session_token('add_flagtype');
}
else {
$vars->{'action'} = "update";
+ $vars->{'token'} = issue_session_token('edit_flagtype');
}
# If copying or editing an existing flag type, retrieve it.
@@ -197,7 +201,7 @@ sub edit {
}
sub processCategoryChange {
- my $categoryAction = shift;
+ my ($categoryAction, $token) = @_;
validateIsActive();
validateIsRequestable();
validateIsRequesteeble();
@@ -252,7 +256,8 @@ sub processCategoryChange {
$type->{'inclusions'} = \%inclusions;
$type->{'exclusions'} = \%exclusions;
$vars->{'type'} = $type;
-
+ $vars->{'token'} = $token;
+
# Return the appropriate HTTP response headers.
print $cgi->header();
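Review bot: `$vars->{'token'} = $token;` hands the request-supplied `token` parameter straight back to the form, and this is the only place in the commit where the `token` template variable holds a value the client chose rather than one from `issue_session_token`. processCategoryChange does not call check_token_data on it (reasonable, since it only re-renders the form), so the template must HTML-escape it; the diffstat shows filterexceptions.pl changing, which is worth checking for exactly this variable. A safer alternative is to never echo the input and instead issue a fresh token for the pending action here, the same way edit() does. processCategoryChange starts in an earlier hunk.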
@@ -287,6 +292,8 @@ sub clusion_array_to_hash {
}
sub insert {
+ my $token = shift;
+ check_token_data($token, 'add_flagtype');
my $name = validateName();
my $description = validateDescription();
my $cc_list = validateCCList();
@@ -329,6 +336,7 @@ sub insert {
$vars->{'name'} = $cgi->param('name');
$vars->{'message'} = "flag_type_created";
+ delete_token($token);
# Return the appropriate HTTP response headers.
print $cgi->header();
@@ -340,6 +348,8 @@ sub insert {
sub update {
+ my $token = shift;
+ check_token_data($token, 'edit_flagtype');
my $flag_type = validateID();
my $id = $flag_type->id;
my $name = validateName();
@@ -426,6 +436,7 @@ sub update {
$vars->{'name'} = $cgi->param('name');
$vars->{'message'} = "flag_type_changes_saved";
+ delete_token($token);
# Return the appropriate HTTP response headers.
print $cgi->header();
@@ -441,7 +452,7 @@ sub confirmDelete {
if ($flag_type->flag_count) {
$vars->{'flag_type'} = $flag_type;
-
+ $vars->{'token'} = issue_session_token('delete_flagtype');
# Return the appropriate HTTP response headers.
print $cgi->header();
@@ -450,13 +461,18 @@ sub confirmDelete {
|| ThrowTemplateError($template->error());
}
else {
- deleteType($flag_type);
+ # We should *always* ask if the admin really wants to delete
+ # a flagtype, even if there is no flag belonging to this type.
+ my $token = issue_session_token('delete_flagtype');
+ deleteType($flag_type, $token);
}
}
sub deleteType {
my $flag_type = shift || validateID();
+ my $token = shift;
+ check_token_data($token, 'delete_flagtype');
my $id = $flag_type->id;
my $dbh = Bugzilla->dbh;
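Review bot: The `else` branch of confirmDelete issues a `delete_flagtype` token and passes it straight to `deleteType`, which calls `check_token_data` on it in the same request; the token was never round-tripped through the administrator, so the check always passes and a flag type with no flags is deleted on `action=confirmdelete` alone with no confirmation, which is the opposite of what the new comment above it says. Drop the `if ($flag_type->flag_count)` guard (previous hunk) and the `else` branch so confirmDelete always renders confirm-delete.html.tmpl with the issued token, and leave the deletion to the `delete` action. The same self-issued pattern appears in the editkeywords.cgi `delete` hunk further down: `$token = issue_session_token('delete_keyword');` overwrites the submitted token before `check_token_data($token, 'delete_keyword');`, so that check also always succeeds; keep the submitted `$token` for the check and move the issuing into the confirm branch as `$vars->{'token'} = issue_session_token('delete_keyword');`. confirmDelete begins in the previous hunk.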
@@ -474,6 +490,7 @@ sub deleteType {
$dbh->bz_unlock_tables();
$vars->{'message'} = "flag_type_deleted";
+ delete_token($token);
# Return the appropriate HTTP response headers.
print $cgi->header();
@@ -485,6 +502,8 @@ sub deleteType {
sub deactivate {
+ my $token = shift;
+ check_token_data($token, 'delete_flagtype');
my $flag_type = validateID();
validateIsActive();
@@ -496,6 +515,7 @@ sub deactivate {
$vars->{'message'} = "flag_type_deactivated";
$vars->{'flag_type'} = $flag_type;
+ delete_token($token);
# Return the appropriate HTTP response headers.
print $cgi->header();
diff --git a/editgroups.cgi b/editgroups.cgi
index 8e6cf55ac..09e1c8b10 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
use Bugzilla::Group;
use Bugzilla::Product;
use Bugzilla::User;
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
@@ -51,6 +52,7 @@ $user->in_group('creategroups')
object => "groups"});
my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
# Add missing entries in bug_group_map for bugs created while
# a mandatory group was disabled and which is now enabled again.
@@ -220,6 +222,7 @@ if ($action eq 'changeform') {
$vars->{'isactive'} = $isactive;
$vars->{'isbuggroup'} = $isbuggroup;
$vars->{'groups'} = \@groups;
+ $vars->{'token'} = issue_session_token('edit_group');
print $cgi->header();
$template->process("admin/groups/edit.html.tmpl", $vars)
@@ -235,6 +238,7 @@ if ($action eq 'changeform') {
#
if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_group');
print $cgi->header();
$template->process("admin/groups/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -249,6 +253,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
+ check_token_data($token, 'add_group');
# Check that a not already used group name is given, that
# a description is also given and check if the regular
# expression is valid (if any).
@@ -284,6 +289,7 @@ if ($action eq 'new') {
undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
}
Bugzilla::Group::RederiveRegexp($regexp, $gid);
+ delete_token($token);
print $cgi->header();
$template->process("admin/groups/created.html.tmpl", $vars)
@@ -356,6 +362,7 @@ if ($action eq 'del') {
$vars->{'hasflags'} = $hasflags;
$vars->{'shared_queries'} = $shared_queries;
$vars->{'buglist'} = $buglist;
+ $vars->{'token'} = issue_session_token('delete_group');
print $cgi->header();
$template->process("admin/groups/delete.html.tmpl", $vars)
@@ -369,6 +376,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_group');
# Check that an existing group ID is given
my $gid = CheckGroupID($cgi->param('group'));
my ($name, $isbuggroup) =
@@ -455,6 +463,8 @@ if ($action eq 'delete') {
$dbh->do('DELETE FROM groups WHERE id = ?',
undef, $gid);
+ delete_token($token);
+
print $cgi->header();
$template->process("admin/groups/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -467,6 +477,7 @@ if ($action eq 'delete') {
#
if ($action eq 'postchanges') {
+ check_token_data($token, 'edit_group');
# ZLL: Bug 181589: we need to have something to remove explicitly listed users from
# groups in order for the conversion to 2.18 groups to work
my $action;
@@ -488,7 +499,8 @@ if ($action eq 'postchanges') {
if ($action == 2) {
$vars->{'regexp'} = $regexp;
}
-
+ delete_token($token);
+
print $cgi->header();
$template->process("admin/groups/change.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/editkeywords.cgi b/editkeywords.cgi
index bf130768e..3aca22e43 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -28,6 +28,7 @@ use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Keyword;
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
@@ -49,6 +50,8 @@ $user->in_group('editkeywords')
my $action = trim($cgi->param('action') || '');
my $key_id = $cgi->param('id');
+my $token = $cgi->param('token');
+
$vars->{'action'} = $action;
@@ -64,6 +67,8 @@ if ($action eq "") {
if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_keyword');
+
print $cgi->header();
$template->process("admin/keywords/create.html.tmpl", $vars)
@@ -76,12 +81,15 @@ if ($action eq 'add') {
# action='new' -> add keyword entered in the 'action=add' screen
#
if ($action eq 'new') {
+ check_token_data($token, 'add_keyword');
my $name = $cgi->param('name') || '';
my $desc = $cgi->param('description') || '';
my $keyword = Bugzilla::Keyword->create(
{ name => $name, description => $desc });
+ delete_token($token);
+
print $cgi->header();
$vars->{'name'} = $keyword->name;
@@ -104,6 +112,7 @@ if ($action eq 'edit') {
|| ThrowCodeError('invalid_keyword_id', { id => $key_id });
$vars->{'keyword'} = $keyword;
+ $vars->{'token'} = issue_session_token('edit_keyword');
print $cgi->header();
$template->process("admin/keywords/edit.html.tmpl", $vars)
@@ -117,6 +126,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
+ check_token_data($token, 'edit_keyword');
my $keyword = new Bugzilla::Keyword($key_id)
|| ThrowCodeError('invalid_keyword_id', { id => $key_id });
@@ -124,6 +134,8 @@ if ($action eq 'update') {
$keyword->set_description($cgi->param('description'));
$keyword->update();
+ delete_token($token);
+
print $cgi->header();
$vars->{'keyword'} = $keyword;
@@ -140,16 +152,25 @@ if ($action eq 'delete') {
$vars->{'keyword'} = $keyword;
+ # We need this token even if there is no bug using this keyword.
+ $token = issue_session_token('delete_keyword');
+
if (!$cgi->param('reallydelete') && $keyword->bug_count) {
+ $vars->{'token'} = $token;
+
print $cgi->header();
$template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
}
+ # We cannot do this check earlier as we have to check 'reallydelete' first.
+ check_token_data($token, 'delete_keyword');
$dbh->do('DELETE FROM keywords WHERE keywordid = ?', undef, $keyword->id);
$dbh->do('DELETE FROM keyworddefs WHERE id = ?', undef, $keyword->id);
+ delete_token($token);
+
print $cgi->header();
$template->process("admin/keywords/rebuild-cache.html.tmpl", $vars)
diff --git a/editmilestones.cgi b/editmilestones.cgi
index 261b81920..d3a8c7a73 100755
--- a/editmilestones.cgi
+++ b/editmilestones.cgi
@@ -26,6 +26,7 @@ use Bugzilla::Error;
use Bugzilla::Product;
use Bugzilla::Milestone;
use Bugzilla::Bug;
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
@@ -54,6 +55,7 @@ my $milestone_name = trim($cgi->param('milestone') || '');
my $sortkey = trim($cgi->param('sortkey') || 0);
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of products
@@ -101,7 +103,7 @@ unless ($action) {
#
if ($action eq 'add') {
-
+ $vars->{'token'} = issue_session_token('add_milestone');
$vars->{'product'} = $product;
$template->process("admin/milestones/create.html.tmpl",
$vars)
@@ -117,7 +119,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_milestone');
$milestone_name || ThrowUserError('milestone_blank_name');
if (length($milestone_name) > 20) {
@@ -145,6 +147,8 @@ if ($action eq 'new') {
$milestone = new Bugzilla::Milestone($product->id,
$milestone_name);
+ delete_token($token);
+
$vars->{'milestone'} = $milestone;
$vars->{'product'} = $product;
$template->process("admin/milestones/created.html.tmpl",
@@ -174,6 +178,7 @@ if ($action eq 'del') {
if ($product->default_milestone eq $milestone->name) {
ThrowUserError("milestone_is_default", $vars);
}
+ $vars->{'token'} = issue_session_token('delete_milestone');
$template->process("admin/milestones/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -187,7 +192,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
-
+ check_token_data($token, 'delete_milestone');
my $milestone =
Bugzilla::Milestone::check_milestone($product,
$milestone_name);
@@ -223,6 +228,8 @@ if ($action eq 'delete') {
$dbh->do("DELETE FROM milestones WHERE product_id = ? AND value = ?",
undef, ($product->id, $milestone->name));
+ delete_token($token);
+
$template->process("admin/milestones/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -244,6 +251,7 @@ if ($action eq 'edit') {
$vars->{'milestone'} = $milestone;
$vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('edit_milestone');
$template->process("admin/milestones/edit.html.tmpl",
$vars)
@@ -259,7 +267,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_milestone');
my $milestone_old_name = trim($cgi->param('milestoneold') || '');
my $milestone_old =
Bugzilla::Milestone::check_milestone($product,
@@ -338,6 +346,8 @@ if ($action eq 'update') {
my $milestone =
Bugzilla::Milestone::check_milestone($product,
$milestone_name);
+ delete_token($token);
+
$vars->{'milestone'} = $milestone;
$vars->{'product'} = $product;
$template->process("admin/milestones/updated.html.tmpl",
diff --git a/editparams.cgi b/editparams.cgi
index 79063271a..cbce6405f 100755
--- a/editparams.cgi
+++ b/editparams.cgi
@@ -31,6 +31,7 @@ use Bugzilla::Config qw(:admin);
use Bugzilla::Config::Common;
use Bugzilla::Util;
use Bugzilla::Error;
+use Bugzilla::Token;
my $user = Bugzilla->login(LOGIN_REQUIRED);
my $cgi = Bugzilla->cgi;
@@ -45,6 +46,7 @@ $user->in_group('tweakparams')
object => "parameters"});
my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
my $current_panel = $cgi->param('section') || 'core';
$current_panel =~ /^([A-Za-z0-9_-]+)$/;
$current_panel = $1;
@@ -66,6 +68,7 @@ foreach my $panel (Bugzilla::Config::param_panels()) {
$vars->{panels} = \@panels;
if ($action eq 'save' && $current_module) {
+ check_token_data($token, 'edit_parameters');
my @changes = ();
my @module_param_list = "Bugzilla::Config::${current_module}"->get_param_list(1);
@@ -125,7 +128,10 @@ if ($action eq 'save' && $current_module) {
$vars->{'param_changed'} = \@changes;
write_params();
+ delete_token($token);
}
+$vars->{'token'} = issue_session_token('edit_parameters');
+
$template->process("admin/params/editparams.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/editproducts.cgi b/editproducts.cgi
index 4c4394926..6fc5da258 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Milestone;
use Bugzilla::Group;
use Bugzilla::User;
use Bugzilla::Field;
+use Bugzilla::Token;
#
# Preliminary checks:
@@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || '');
my $product_name = trim($cgi->param('product') || '');
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of classifications (if
@@ -128,12 +130,13 @@ if (!$action && !$product_name) {
#
if ($action eq 'add') {
-
if (Bugzilla->params->{'useclassification'}) {
my $classification =
Bugzilla::Classification::check_classification($classification_name);
$vars->{'classification'} = $classification;
}
+ $vars->{'token'} = issue_session_token('add_product');
+
$template->process("admin/products/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -146,7 +149,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_product');
# Cleanups and validity checks
my $classification_id = 1;
@@ -306,6 +309,8 @@ if ($action eq 'new') {
$series->writeToDatabase();
}
}
+ delete_token($token);
+
$vars->{'product'} = $product;
$template->process("admin/products/created.html.tmpl", $vars)
@@ -339,6 +344,7 @@ if ($action eq 'del') {
}
$vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('delete_product');
$template->process("admin/products/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -350,6 +356,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_product');
# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
@@ -413,6 +420,8 @@ if ($action eq 'delete') {
$dbh->bz_unlock_tables();
+ delete_token($token);
+
$template->process("admin/products/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) {
}
}
$vars->{'group_controls'} = $group_controls;
-
$vars->{'product'} = $product;
-
+ $vars->{'token'} = issue_session_token('edit_product');
+
$template->process("admin/products/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) {
#
if ($action eq 'updategroupcontrols') {
+ check_token_data($token, 'edit_group_controls');
# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
@@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') {
}
$dbh->bz_unlock_tables();
- $vars->{'removed_na'} = \@removed_na;
+ delete_token($token);
+ $vars->{'removed_na'} = \@removed_na;
$vars->{'added_mandatory'} = \@added_mandatory;
-
$vars->{'product'} = $product;
$template->process("admin/products/groupcontrol/updated.html.tmpl", $vars)
@@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') {
# action='update' -> update the product
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_product');
my $product_old_name = trim($cgi->param('product_old_name') || '');
my $description = trim($cgi->param('description') || '');
my $disallownew = trim($cgi->param('disallownew') || '');
@@ -980,6 +990,7 @@ if ($action eq 'update') {
$vars->{'confirmedbugs'} = \@updated_bugs;
$vars->{'changer'} = $user->login;
}
+ delete_token($token);
$vars->{'old_product'} = $product_old;
$vars->{'product'} = $product;
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') {
$vars->{'product'} = $product;
$vars->{'groups'} = $groups;
+ $vars->{'token'} = issue_session_token('edit_group_controls');
$vars->{'const'} = {
'CONTROLMAPNA' => CONTROLMAPNA,
diff --git a/editsettings.cgi b/editsettings.cgi
index 6d7fffdfa..a4a85710f 100755
--- a/editsettings.cgi
+++ b/editsettings.cgi
@@ -24,6 +24,7 @@ use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User::Setting;
+use Bugzilla::Token;
my $template = Bugzilla->template;
local our $vars = {};
@@ -79,9 +80,12 @@ $user->in_group('tweakparams')
object => "settings"});
my $action = trim($cgi->param('action') || 'load');
+my $token = $cgi->param('token');
if ($action eq 'update') {
+ check_token_data($token, 'edit_settings');
SaveSettings();
+ delete_token($token);
$vars->{'changes_saved'} = 1;
$template->process("admin/settings/updated.html.tmpl", $vars)
@@ -92,6 +96,7 @@ if ($action eq 'update') {
if ($action eq 'load') {
LoadSettings();
+ $vars->{'token'} = issue_session_token('edit_settings');
$template->process("admin/settings/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/editusers.cgi b/editusers.cgi
index f30c66746..19e7ea587 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -33,6 +33,7 @@ use Bugzilla::BugMail;
use Bugzilla::Flag;
use Bugzilla::Field;
use Bugzilla::Group;
+use Bugzilla::Token;
my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -57,6 +58,7 @@ print $cgi->header();
my $action = $cgi->param('action') || 'search';
my $otherUserID = $cgi->param('userid');
my $otherUserLogin = $cgi->param('user');
+my $token = $cgi->param('token');
# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
@@ -183,6 +185,8 @@ if ($action eq 'search') {
action => "add",
object => "users"});
+ $vars->{'token'} = issue_session_token('add_user');
+
$template->process('admin/users/create.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
@@ -192,6 +196,8 @@ if ($action eq 'search') {
action => "add",
object => "users"});
+ check_token_data($token, 'add_user');
+
my $new_user = Bugzilla::User->create({
login_name => scalar $cgi->param('login'),
cryptpassword => scalar $cgi->param('password'),
@@ -201,6 +207,10 @@ if ($action eq 'search') {
userDataToVars($new_user->id);
+ delete_token($token);
+
+ # We already display the updated page. We have to recreate a token now.
+ $vars->{'token'} = issue_session_token('edit_user');
$vars->{'message'} = 'account_created';
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
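Review bot: The comment `# We already display the updated page. We have to recreate a token now.` above the `issue_session_token('edit_user')` call reads awkwardly and does not say which page is meant; `# The edit form is rendered again below, so issue a fresh edit_user token for it.` states the reason directly. The identical comment appears again before the second `issue_session_token('edit_user')` in the 'update' hunk of this file and should be reworded the same way. The 'add' branch this code belongs to starts outside the hunk.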
@@ -212,6 +222,7 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'update') {
+ check_token_data($token, 'edit_user');
my $otherUser = check_user($otherUserID, $otherUserLogin);
$otherUserID = $otherUser->id;
@@ -388,6 +399,7 @@ if ($action eq 'search') {
# XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID);
+ delete_token($token);
$vars->{'message'} = 'account_updated';
$vars->{'loginold'} = $otherUser->login;
@@ -396,6 +408,9 @@ if ($action eq 'search') {
$vars->{'groups_removed_from'} = \@groupsRemovedFrom;
$vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless;
$vars->{'groups_denied_rights_to_bless'} = \@groupsDeniedRightsToBless;
+ # We already display the updated page. We have to recreate a token now.
+ $vars->{'token'} = issue_session_token('edit_user');
+
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
@@ -479,12 +494,14 @@ if ($action eq 'search') {
AND mailto_type = ?
},
undef, ($otherUserID, MAILTO_USER));
+ $vars->{'token'} = issue_session_token('delete_user');
$template->process('admin/users/confirm-delete.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
###########################################################################
} elsif ($action eq 'delete') {
+ check_token_data($token, 'delete_user');
my $otherUser = check_user($otherUserID, $otherUserLogin);
$otherUserID = $otherUser->id;
@@ -707,6 +724,7 @@ if ($action eq 'search') {
$dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID);
$dbh->bz_unlock_tables();
+ delete_token($token);
$vars->{'message'} = 'account_deleted';
$vars->{'otheruser'}{'login'} = $otherUser->login;
@@ -857,6 +875,7 @@ sub edit_processing {
object => "user"});
userDataToVars($otherUser->id);
+ $vars->{'token'} = issue_session_token('edit_user');
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
diff --git a/editvalues.cgi b/editvalues.cgi
index b7e8ef12b..fe1ad546a 100755
--- a/editvalues.cgi
+++ b/editvalues.cgi
@@ -26,6 +26,7 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Constants;
use Bugzilla::Config qw(:admin);
+use Bugzilla::Token;
# List of different tables that contain the changeable field values
# (the old "enums.") Keep them in alphabetical order by their
@@ -121,6 +122,7 @@ my $field = trim($cgi->param('field') || '');
my $value = trim($cgi->param('value') || '');
my $sortkey = trim($cgi->param('sortkey') || '0');
my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
# Gives the name of the parameter associated with the field
# and representing its default value.
@@ -186,6 +188,7 @@ if ($action eq 'add') {
$vars->{'value'} = $value;
$vars->{'field'} = $field;
+ $vars->{'token'} = issue_session_token('add_field_value');
$template->process("admin/fieldvalues/create.html.tmpl",
$vars)
|| ThrowTemplateError($template->error());
@@ -198,6 +201,7 @@ if ($action eq 'add') {
# action='new' -> add field value entered in the 'action=add' screen
#
if ($action eq 'new') {
+ check_token_data($token, 'add_field_value');
FieldMustExist($field);
trick_taint($field);
@@ -228,6 +232,8 @@ if ($action eq 'new') {
VALUES ( ?, ? )");
$sth->execute($value, $sortkey);
+ delete_token($token);
+
$vars->{'value'} = $value;
$vars->{'field'} = $field;
$template->process("admin/fieldvalues/created.html.tmpl",
@@ -262,6 +268,7 @@ if ($action eq 'del') {
if (lsearch($static{$field}, $value) >= 0) {
ThrowUserError('fieldvalue_not_deletable', $vars);
}
+ $vars->{'token'} = issue_session_token('delete_field_value');
$template->process("admin/fieldvalues/confirm-delete.html.tmpl",
$vars)
@@ -275,6 +282,7 @@ if ($action eq 'del') {
# action='delete' -> really delete the field value
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_field_value');
ValueMustExist($field, $value);
$vars->{'value'} = $value;
@@ -311,6 +319,7 @@ if ($action eq 'delete') {
$dbh->do("DELETE FROM $field WHERE value = ?", undef, $value);
$dbh->bz_unlock_tables();
+ delete_token($token);
$template->process("admin/fieldvalues/deleted.html.tmpl",
$vars)
@@ -334,6 +343,7 @@ if ($action eq 'edit') {
$vars->{'value'} = $value;
$vars->{'field'} = $field;
$vars->{'is_static'} = (lsearch($static{$field}, $value) >= 0) ? 1 : 0;
+ $vars->{'token'} = issue_session_token('edit_field_value');
$template->process("admin/fieldvalues/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -346,6 +356,7 @@ if ($action eq 'edit') {
# action='update' -> update the field value
#
if ($action eq 'update') {
+ check_token_data($token, 'edit_field_value');
my $valueold = trim($cgi->param('valueold') || '');
my $sortkeyold = trim($cgi->param('sortkeyold') || '0');
@@ -420,6 +431,7 @@ if ($action eq 'update') {
write_params();
$vars->{'default_value_updated'} = 1;
}
+ delete_token($token);
$template->process("admin/fieldvalues/updated.html.tmpl",
$vars)
diff --git a/editversions.cgi b/editversions.cgi
index 0941896a5..486756307 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -37,6 +37,7 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Product;
use Bugzilla::Version;
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
@@ -63,6 +64,7 @@ my $product_name = trim($cgi->param('product') || '');
my $version_name = trim($cgi->param('version') || '');
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of products
@@ -108,7 +110,7 @@ unless ($action) {
#
if ($action eq 'add') {
-
+ $vars->{'token'} = issue_session_token('add_version');
$vars->{'product'} = $product;
$template->process("admin/versions/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -123,8 +125,9 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_version');
my $version = Bugzilla::Version::create($version_name, $product);
+ delete_token($token);
$vars->{'version'} = $version;
$vars->{'product'} = $product;
@@ -149,6 +152,7 @@ if ($action eq 'del') {
$vars->{'version'} = $version;
$vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('delete_version');
$template->process("admin/versions/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -162,9 +166,10 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
-
+ check_token_data($token, 'delete_version');
my $version = Bugzilla::Version::check_version($product, $version_name);
$version->remove_from_db;
+ delete_token($token);
$vars->{'version'} = $version;
$vars->{'product'} = $product;
@@ -189,6 +194,7 @@ if ($action eq 'edit') {
$vars->{'version'} = $version;
$vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('edit_version');
$template->process("admin/versions/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -203,7 +209,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_version');
my $version_old_name = trim($cgi->param('versionold') || '');
my $version =
Bugzilla::Version::check_version($product, $version_old_name);
@@ -213,6 +219,7 @@ if ($action eq 'update') {
$vars->{'updated'} = $version->update($version_name, $product);
$dbh->bz_unlock_tables();
+ delete_token($token);
$vars->{'version'} = $version;
$vars->{'product'} = $product;
diff --git a/editwhines.cgi b/editwhines.cgi
index 800c5385a..ba39b543d 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Group;
+use Bugzilla::Token;
# require the user to have logged in
my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -49,7 +50,7 @@ my $vars = {};
my $dbh = Bugzilla->dbh;
my $userid = $user->id;
-
+my $token = $cgi->param('token');
my $sth; # database statement handle
# $events is a hash ref, keyed by event id, that stores the active user's
@@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
# removed, then what was altered.
if ($cgi->param('update')) {
+ check_token_data($token, 'edit_whine');
+
if ($cgi->param("add_event")) {
# we create a new event
$sth = $dbh->prepare("INSERT INTO whine_events " .
@@ -349,6 +352,7 @@ if ($cgi->param('update')) {
}
}
}
+ delete_token($token);
}
$vars->{'mail_others'} = $can_mail_others;
@@ -436,6 +440,7 @@ $vars->{'available_queries'} = [];
while (my ($query) = $sth->fetchrow_array) {
push @{$vars->{'available_queries'}}, $query;
}
+$vars->{'token'} = issue_session_token('edit_whine');
$template->process("whine/schedule.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/enter_bug.cgi b/enter_bug.cgi
index 62abdcd81..317bd6d0c 100755
--- a/enter_bug.cgi
+++ b/enter_bug.cgi
@@ -335,7 +335,7 @@ $vars->{'qa_contact_disabled'} = !Bugzilla->user->in_group('editbugs');
$vars->{'cloned_bug_id'} = $cloned_bug_id;
-$vars->{'token'} = Bugzilla::Token::IssueSessionToken('createbug:');
+$vars->{'token'} = issue_session_token('createbug:');
my @enter_bug_fields = Bugzilla->get_fields({ custom => 1, obsolete => 0,
diff --git a/relogin.cgi b/relogin.cgi
index e47dbe003..5aa187490 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -60,7 +60,7 @@ if ($action eq 'prepare-sudo') {
}
# Keep a temporary record of the user visiting this page
- $vars->{'token'} = Bugzilla::Token::IssueSessionToken('sudo_prepared');
+ $vars->{'token'} = issue_session_token('sudo_prepared');
# Show the sudo page
$vars->{'target_login_default'} = $cgi->param('target_login');
@@ -121,7 +121,7 @@ elsif ($action eq 'begin-sudo') {
{ target_login => scalar $cgi->param('target_login'),
reason => scalar $cgi->param('reason')});
}
- Bugzilla::Token::DeleteToken($cgi->param('token'));
+ delete_token($cgi->param('token'));
# Get & verify the target user (the user who we will be impersonating)
my $target_user =
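Review bot: `delete_token($cgi->param('token'))` calls `param` in list context, so a request carrying several `token` parameters passes all of them as arguments rather than one value; the lines just above in this hunk already use `scalar $cgi->param(...)` for `target_login` and `reason`, and `delete_token(scalar $cgi->param('token'));` keeps the call consistent with them. Whether the token is validated against its creator and the 'sudo_prepared' action before this point is outside the hunk; the deletion itself is unconditional here.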
diff --git a/skins/standard/global.css b/skins/standard/global.css
index a2cf3ea93..5111a4a4a 100644
--- a/skins/standard/global.css
+++ b/skins/standard/global.css
@@ -289,3 +289,11 @@ span.quote {
}
table#flags th, table#flags td { vertical-align: baseline; text-align: left; }
+
+.throw_error {
+ background-color: #ff0000;
+ color: black;
+ font-size: 120%;
+ margin: 1em;
+ padding: 0.5em 1em;
+}
diff --git a/template/en/default/admin/classifications/add.html.tmpl b/template/en/default/admin/classifications/add.html.tmpl
index 15b8fc3a2..d549bbc79 100644
--- a/template/en/default/admin/classifications/add.html.tmpl
+++ b/template/en/default/admin/classifications/add.html.tmpl
@@ -49,6 +49,7 @@
<hr>
<input type=submit value="Add">
<input type=hidden name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</FORM>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>
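Review bot: The added `<input type="hidden" name="token" ...>` quotes its attribute values while the two inputs directly above it (`type=submit`, `type=hidden`) do not, so the form now mixes both styles; either quoting the neighbours or writing the new line as `<input type=hidden name="token" value="[% token FILTER html %]">` keeps the file uniform. The same mix is introduced by the del.html.tmpl, edit.html.tmpl and reclassify.html.tmpl hunks in this directory.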
diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl
index 84c3cb197..ffb8fe065 100644
--- a/template/en/default/admin/classifications/del.html.tmpl
+++ b/template/en/default/admin/classifications/del.html.tmpl
@@ -56,6 +56,7 @@
<input type=submit value="Yes, delete">
<input type=hidden name="action" value="delete">
<input type=hidden name="classification" value="[% classification.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>
diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl
index b56a401f4..923a79f5e 100644
--- a/template/en/default/admin/classifications/edit.html.tmpl
+++ b/template/en/default/admin/classifications/edit.html.tmpl
@@ -77,6 +77,7 @@
<input type=hidden name="classificationold"
value="[% classification.name FILTER html %]">
<input type=hidden name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type=submit value="Update">
</form>
diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl
index 0db2fc265..113c6f630 100644
--- a/template/en/default/admin/classifications/reclassify.html.tmpl
+++ b/template/en/default/admin/classifications/reclassify.html.tmpl
@@ -82,6 +82,7 @@
<input type=hidden name="action" value="reclassify">
<input type=hidden name="classification" value="[% classification.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>,
diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl
index e7e00636e..1d7553f83 100644
--- a/template/en/default/admin/components/confirm-delete.html.tmpl
+++ b/template/en/default/admin/components/confirm-delete.html.tmpl
@@ -150,6 +150,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="component" value="[% comp.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/components/create.html.tmpl b/template/en/default/admin/components/create.html.tmpl
index 013ee861e..9b4a19bf0 100644
--- a/template/en/default/admin/components/create.html.tmpl
+++ b/template/en/default/admin/components/create.html.tmpl
@@ -102,7 +102,7 @@
<input type="hidden" name='open_name' value='All Open'>
<input type="hidden" name='nonopen_name' value='All Closed'>
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% PROCESS admin/components/footer.html.tmpl %]
diff --git a/template/en/default/admin/components/edit.html.tmpl b/template/en/default/admin/components/edit.html.tmpl
index 6ee3a69fe..81a6e9fc2 100644
--- a/template/en/default/admin/components/edit.html.tmpl
+++ b/template/en/default/admin/components/edit.html.tmpl
@@ -119,6 +119,7 @@
<input type="hidden" name="action" value="update">
<input type="hidden" name="componentold" value="[% comp.name FILTER html %]">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" value="Update" id="update"> or <a
href="editcomponents.cgi?action=del&amp;product=
[%- product.name FILTER url_quote %]&amp;component=
diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl
new file mode 100644
index 000000000..6e8caa6ac
--- /dev/null
+++ b/template/en/default/admin/confirm-action.html.tmpl
@@ -0,0 +1,97 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Frédéric Buclin.
+ #
+ # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+ #%]
+
+[%# INTERFACE:
+ # abuser: identity of the user who created the (invalid?) token.
+ # token_action: the action the token was supposed to serve.
+ # expected_action: the action the user was going to do.
+ # script_name: the script generating this warning.
+ #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl title = "Suspicious Action"
+ style_urls = ['skins/standard/global.css'] %]
+
+[% IF abuser %]
+ <div class="throw_error">
+ <p>When you view an administrative form in [% terms.Bugzilla %], a token string
+ is randomly generated and stored both in the database and in the form you loaded,
+ to make sure that the requested changes are being made as a result of submitting
+ a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
+ is incorrect, meaning that it looks like you didn't come from the right page.
+ The following token has been used :</p>
+
+ <table border="0" cellpadding="5" cellspacing="0">
+ [% IF token_action != expected_action %]
+ <tr>
+ <th>Action&nbsp;stored:</th>
+ <td>[% token_action FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This action doesn't match the one expected ([% expected_action FILTER html %]).
+ </td>
+ </tr>
+ [% END %]
+
+ [% IF abuser != user.identity %]
+ <tr>
+ <th>Generated&nbsp;by:</th>
+ <td>[% abuser FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This token has not been generated by you. It is possible that someone
+ tried to trick you!
+ </td>
+ </tr>
+ [% END %]
+ </table>
+
+ <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
+ </div>
+[% ELSE %]
+ <div class="throw_error">
+ It looks like you didn't come from the right page (you have no valid token for
+ the <em>[% expected_action FILTER html %]</em> action while processing the
+ '[% script_name FILTER html%]' script). The reason could be one of:<br>
+ <ul>
+ <li>You clicked the "Back" button of your web browser after having successfully
+ submitted changes, which is generally not a good idea (but harmless).</li>
+ <li>You entered the URL in the address bar of your web browser directly,
+ which should be safe.</li>
+ <li>You clicked on a URL which redirected you here <b>without your consent</b>,
+ in which case this action is much more critical.</li>
+ </ul>
+ Are you sure you want to commit these changes anyway? This may result in
+ unexpected and undesired results.
+ </div>
+
+ <form name="check" id="check" method="post" action="[% script_name FILTER html %]">
+ [% PROCESS "global/hidden-fields.html.tmpl"
+ exclude="^(Bugzilla_login|Bugzilla_password)$" %]
+ <input type="submit" id="confirm" value="Confirm Changes">
+ </form>
+ <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]">
+ [%- script_name FILTER html %]</a>.</p>
+[% END %]
+
+[% PROCESS global/footer.html.tmpl %]
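Review bot: In the `[% IF abuser %]` branch both table rows are conditional, on `token_action != expected_action` and on `abuser != user.identity`, so a token rejected for any other reason (for example age, if Token.pm rejects old tokens — that code is outside this chunk) renders "The following token has been used :" followed by an empty table; an unconditional row, or an `[% ELSE %]` naming the reason, would cover that case. In the `[% ELSE %]` branch the confirm form replays every hidden field except `Bugzilla_login` and `Bugzilla_password`, so the confirming POST only gets past `check_token_data` if a valid token has been placed among those fields before this template is rendered; that is presumably done in Token.pm, but it is worth confirming, since otherwise the page loops back to itself. Minor: `[% script_name FILTER html%]` lacks the space before `%]` that every other directive in the file uses.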
diff --git a/template/en/default/admin/custom_fields/create.html.tmpl b/template/en/default/admin/custom_fields/create.html.tmpl
index e8b66deca..995c4d0a9 100644
--- a/template/en/default/admin/custom_fields/create.html.tmpl
+++ b/template/en/default/admin/custom_fields/create.html.tmpl
@@ -102,6 +102,7 @@
</table>
<br>
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="create" value="Create">
</form>
diff --git a/template/en/default/admin/custom_fields/edit.html.tmpl b/template/en/default/admin/custom_fields/edit.html.tmpl
index 6ffa3d89d..2165ac323 100644
--- a/template/en/default/admin/custom_fields/edit.html.tmpl
+++ b/template/en/default/admin/custom_fields/edit.html.tmpl
@@ -98,6 +98,7 @@
<br>
<input type="hidden" name="action" value="update">
<input type="hidden" name="name" value="[% field.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="edit" value="Submit">
</form>
diff --git a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
index d29c124d6..4cd001476 100644
--- a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
+++ b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
@@ -111,6 +111,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="field" value="[% field FILTER html %]">
<input type="hidden" name="value" value="[% value FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/fieldvalues/create.html.tmpl b/template/en/default/admin/fieldvalues/create.html.tmpl
index c0d364416..2e87af053 100644
--- a/template/en/default/admin/fieldvalues/create.html.tmpl
+++ b/template/en/default/admin/fieldvalues/create.html.tmpl
@@ -42,7 +42,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='field' value="[% field FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/fieldvalues/edit.html.tmpl b/template/en/default/admin/fieldvalues/edit.html.tmpl
index 362ed4753..7ff3c0e33 100644
--- a/template/en/default/admin/fieldvalues/edit.html.tmpl
+++ b/template/en/default/admin/fieldvalues/edit.html.tmpl
@@ -55,8 +55,8 @@
<input type="hidden" name="sortkeyold" value="[% sortkey FILTER html %]">
<input type="hidden" name="action" value="update">
<input type="hidden" name="field" value="[% field FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="update" value="Update">
-
</form>
<p>
diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
index fda34e3b1..0af9fb5a2 100644
--- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl
+++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
@@ -21,18 +21,16 @@
[% PROCESS global/variables.none.tmpl %]
-[%# Filter off the name here to be used multiple times below %]
-[% name = BLOCK %][% flag_type.name FILTER html %][% END %]
+[% title = BLOCK %]Confirm Deletion of Flag Type '[% flag_type.name FILTER html %]'[% END %]
-[% PROCESS global/header.html.tmpl
- title = "Confirm Deletion of Flag Type '$name'"
-%]
+[% PROCESS global/header.html.tmpl title = title %]
<p>
- There are [% flag_type.flag_count %] flags of type [% name FILTER html %].
+ There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %].
If you delete this type, those flags will also be deleted. Note that
instead of deleting the type you can
- <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]">deactivate it</a>,
+ <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]&amp;token=
+ [%- token FILTER html %]">deactivate it</a>,
in which case the type and its flags will remain in the database
but will not appear in the [% terms.Bugzilla %] UI.
</p>
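Review bot: The "deactivate it" link now carries the session token in a GET query string (`editflagtypes.cgi?action=deactivate&amp;id=...&amp;token=...`), and the "Yes, delete" link in the next hunk does the same; a token in a URL ends up in browser history, server logs and the Referer header of whatever page follows, and a state-changing GET is exactly the request shape the token is meant to protect. The other confirm-delete templates in this commit (components, fieldvalues, milestones) submit a POST form with `<input type="hidden" name="token" ...>`, and both links here could take that shape; whether editflagtypes.cgi checks the token on the deactivate action is outside this chunk. The form below replaces the deactivate link; the delete link in the next hunk gets the same treatment with `action` set to `delete`.
```html
<!-- … unchanged: flag count sentence and the explanation of deactivating … -->
<form method="post" action="editflagtypes.cgi">
  <input type="hidden" name="action" value="deactivate">
  <input type="hidden" name="id" value="[% flag_type.id %]">
  <input type="hidden" name="token" value="[% token FILTER html %]">
  <input type="submit" id="deactivate" value="Deactivate it">
</form>
```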
@@ -45,8 +43,8 @@
</tr>
<tr>
<td>
- <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]">
- Yes, delete
+ <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]&amp;token=
+ [%- token FILTER html %]">Yes, delete
</a>
</td>
<td align="right">
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index 942fb3b09..e78c83643 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -53,6 +53,7 @@
<form method="post" action="editflagtypes.cgi">
<input type="hidden" name="action" value="[% action %]">
<input type="hidden" name="id" value="[% type.id %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="target_type" value="[% type.target_type %]">
[% FOREACH category = type.inclusions %]
<input type="hidden" name="inclusions" value="[% category.value FILTER html %]">
diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl
index 94fe3da0c..3346f9570 100644
--- a/template/en/default/admin/flag-type/list.html.tmpl
+++ b/template/en/default/admin/flag-type/list.html.tmpl
@@ -101,25 +101,6 @@
<a href="editflagtypes.cgi?action=enter&amp;target_type=attachment">Create Flag Type For Attachments</a>
</p>
-<script type="text/javascript">
- <!--
- function confirmDelete(id, name, count)
- {
- if (count > 0) {
- var msg = 'There are ' + count + ' flags of type ' + name + '. ' +
- 'If you delete this type, those flags will also be ' +
- 'deleted.\n\nNote: to deactivate the type instead ' +
- 'of deleting it, edit it and uncheck its "is active" ' +
- 'flag.\n\nDo you really want to delete this flag type?';
- if (!confirm(msg)) return false;
- }
- location.href = "editflagtypes.cgi?action=delete&id=" + id;
- return false; // prevent strict JavaScript warning that this function
- // does not always return a value
- }
- //-->
-</script>
-
[% PROCESS global/footer.html.tmpl %]
@@ -157,9 +138,7 @@
<td>[% IF type.request_group %][% type.request_group.name FILTER html %][% END %]</td>
<td>
<a href="editflagtypes.cgi?action=copy&amp;id=[% type.id %]">Copy</a>
- | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]"
- onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]',
- [% type.flag_count %]);">Delete</a>
+ | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]">Delete</a>
</td>
</tr>
diff --git a/template/en/default/admin/groups/create.html.tmpl b/template/en/default/admin/groups/create.html.tmpl
index 2b50d73a2..d6422f769 100644
--- a/template/en/default/admin/groups/create.html.tmpl
+++ b/template/en/default/admin/groups/create.html.tmpl
@@ -49,6 +49,7 @@
Insert new group into all existing products.<p>
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><b>Name</b> is what is used with the B<!-- blah -->ugzilla->user->in_group()
diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl
index f5aa7a9b4..22701407a 100644
--- a/template/en/default/admin/groups/delete.html.tmpl
+++ b/template/en/default/admin/groups/delete.html.tmpl
@@ -123,6 +123,7 @@
<p><input type="submit" id="delete" value="Yes, delete">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="group" value="[% gid FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
Go back to the <a href="editgroups.cgi">group list</a>.
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index c1d032e1a..6c5771661 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -214,6 +214,7 @@
<input type="hidden" name="action" value="postchanges">
<input type="hidden" name="group" value="[% group_id FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
Back to the <a href="editgroups.cgi">group list</a>.
diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl
index 89123e2bf..0d68524d7 100755
--- a/template/en/default/admin/keywords/confirm-delete.html.tmpl
+++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl
@@ -45,6 +45,7 @@
<input type="hidden" name="id" value="[% keyword.id FILTER html %]">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="reallydelete" value="1">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="delete"
value="Yes, really delete the keyword">
</form>
diff --git a/template/en/default/admin/keywords/create.html.tmpl b/template/en/default/admin/keywords/create.html.tmpl
index 103aa03b2..45d97819e 100755
--- a/template/en/default/admin/keywords/create.html.tmpl
+++ b/template/en/default/admin/keywords/create.html.tmpl
@@ -51,6 +51,7 @@
<input type="hidden" name="id" value="-1">
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><a href="editkeywords.cgi">Edit other keywords</a>.</p>
diff --git a/template/en/default/admin/keywords/edit.html.tmpl b/template/en/default/admin/keywords/edit.html.tmpl
index 0d3beaf33..81f072b8b 100755
--- a/template/en/default/admin/keywords/edit.html.tmpl
+++ b/template/en/default/admin/keywords/edit.html.tmpl
@@ -66,6 +66,7 @@
<input type="submit" id="update" value="Update">
<input type="hidden" name="action" value="update">
<input type="hidden" name="id" value="[% keyword.id FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><a href="editkeywords.cgi">Edit other keywords</a>.</p>
diff --git a/template/en/default/admin/milestones/confirm-delete.html.tmpl b/template/en/default/admin/milestones/confirm-delete.html.tmpl
index 1667af3b7..b1f893ffd 100644
--- a/template/en/default/admin/milestones/confirm-delete.html.tmpl
+++ b/template/en/default/admin/milestones/confirm-delete.html.tmpl
@@ -90,6 +90,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="milestone" value="[% milestone.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% PROCESS admin/milestones/footer.html.tmpl %]
diff --git a/template/en/default/admin/milestones/create.html.tmpl b/template/en/default/admin/milestones/create.html.tmpl
index 8dd23e3de..edace52bf 100644
--- a/template/en/default/admin/milestones/create.html.tmpl
+++ b/template/en/default/admin/milestones/create.html.tmpl
@@ -49,7 +49,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/milestones/edit.html.tmpl b/template/en/default/admin/milestones/edit.html.tmpl
index f216166b1..c7aeb031a 100644
--- a/template/en/default/admin/milestones/edit.html.tmpl
+++ b/template/en/default/admin/milestones/edit.html.tmpl
@@ -55,7 +55,7 @@
<input type="hidden" name="action" value="update">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="submit" id="update" value="Update">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/params/editparams.html.tmpl b/template/en/default/admin/params/editparams.html.tmpl
index ef379e75c..ce5442b3a 100644
--- a/template/en/default/admin/params/editparams.html.tmpl
+++ b/template/en/default/admin/params/editparams.html.tmpl
@@ -99,6 +99,7 @@
[% PROCESS admin/params/common.html.tmpl panel = current_panel %]
<input type="hidden" name="section" value="[% current_panel.name FILTER html %]">
<input type="hidden" name="action" value="save">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="reset" value="Reset form">
<input type="submit" name="action" value="Save Changes">
</form>
diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl
index 75aeb623a..84f8da569 100644
--- a/template/en/default/admin/products/confirm-delete.html.tmpl
+++ b/template/en/default/admin/products/confirm-delete.html.tmpl
@@ -263,6 +263,7 @@
<input type="submit" id="delete" value="Yes, delete">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
</form>
diff --git a/template/en/default/admin/products/create.html.tmpl b/template/en/default/admin/products/create.html.tmpl
index fd1ed34cc..5fb7d8bd1 100644
--- a/template/en/default/admin/products/create.html.tmpl
+++ b/template/en/default/admin/products/create.html.tmpl
@@ -57,6 +57,7 @@
<input type="hidden" name="subcategory" value="-All-">
<input type="hidden" name="open_name" value="All Open">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
</form>
diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl
index 105ec6e74..0371e3343 100644
--- a/template/en/default/admin/products/edit.html.tmpl
+++ b/template/en/default/admin/products/edit.html.tmpl
@@ -132,6 +132,7 @@ versions:</a>
<input type="hidden" name="product_old_name"
value="[% product.name FILTER html %]">
<input type="hidden" name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
<input type="submit" name="submit" value="Update">
diff --git a/template/en/default/admin/products/groupcontrol/edit.html.tmpl b/template/en/default/admin/products/groupcontrol/edit.html.tmpl
index 174d15869..32b5e9d8c 100644
--- a/template/en/default/admin/products/groupcontrol/edit.html.tmpl
+++ b/template/en/default/admin/products/groupcontrol/edit.html.tmpl
@@ -31,6 +31,7 @@
<form method="post" action="editproducts.cgi">
<input type="hidden" name="action" value="updategroupcontrols">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl
index 9ca9226e7..8881fc3dc 100644
--- a/template/en/default/admin/settings/edit.html.tmpl
+++ b/template/en/default/admin/settings/edit.html.tmpl
@@ -85,6 +85,7 @@ page, and the Default Value will automatically apply to everyone.
</table>
<input type="hidden" name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<table>
<tr>
<td width="150"></td>
diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index 6f0a565ca..4c348fa10 100644
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -448,6 +448,7 @@
<input type="submit" id="delete" value="Yes, delete"/>
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="userid" value="[% otheruser.id %]" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
</p>
</form>
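Review bot: The added `token` input on the new side of this hunk uses the HTML-style closing `>` while every neighbouring input in this template (`<input ... />` on the submit, action and userid lines) is written in the XHTML self-closing form, so the new line reads as if it came from a different file. The same mismatch appears in the users/create.html.tmpl and users/edit.html.tmpl hunks below, where the surrounding inputs also end in `/>`. For consistency within these three templates, I would write the new line as `<input type="hidden" name="token" value="[% token FILTER html %]" />`. The other admin templates in this commit use plain `>` throughout, so the unsuffixed form is right there.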
diff --git a/template/en/default/admin/users/create.html.tmpl b/template/en/default/admin/users/create.html.tmpl
index 4cef3884a..66cdd91e0 100644
--- a/template/en/default/admin/users/create.html.tmpl
+++ b/template/en/default/admin/users/create.html.tmpl
@@ -41,6 +41,7 @@
<p>
<input type="submit" id="add" value="Add"/>
<input type="hidden" name="action" value="new" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
</p>
</form>
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index b0cc21082..61778ad93 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -106,6 +106,7 @@
<input type="submit" id="update" value="Update" />
<input type="hidden" name="userid" value="[% otheruser.id %]" />
<input type="hidden" name="action" value="update" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
or <a href="editusers.cgi?action=activity&amp;userid=[% otheruser.id %]"
diff --git a/template/en/default/admin/versions/confirm-delete.html.tmpl b/template/en/default/admin/versions/confirm-delete.html.tmpl
index feef86035..5d5fb8193 100644
--- a/template/en/default/admin/versions/confirm-delete.html.tmpl
+++ b/template/en/default/admin/versions/confirm-delete.html.tmpl
@@ -92,6 +92,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="version" value="[% version.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/versions/create.html.tmpl b/template/en/default/admin/versions/create.html.tmpl
index 44d43cab4..c421ab12b 100644
--- a/template/en/default/admin/versions/create.html.tmpl
+++ b/template/en/default/admin/versions/create.html.tmpl
@@ -43,7 +43,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/versions/edit.html.tmpl b/template/en/default/admin/versions/edit.html.tmpl
index 7f0de2677..cfdfd4981 100644
--- a/template/en/default/admin/versions/edit.html.tmpl
+++ b/template/en/default/admin/versions/edit.html.tmpl
@@ -48,8 +48,8 @@
<input type="hidden" name="versionold" value="[% version.name FILTER html %]">
<input type="hidden" name="action" value="update">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="update" value="Update">
-
</form>
<p>
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index d9a3e1913..0c37234ff 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -512,7 +512,6 @@
'admin/flag-type/list.html.tmpl' => [
'type.id',
- 'type.flag_count',
],
diff --git a/template/en/default/whine/schedule.html.tmpl b/template/en/default/whine/schedule.html.tmpl
index c7370a3e1..28fceabab 100644
--- a/template/en/default/whine/schedule.html.tmpl
+++ b/template/en/default/whine/schedule.html.tmpl
@@ -82,6 +82,7 @@
<input type="submit" value="Update / Commit" name="commit"
style="display: none;" id="commit">
<input type="hidden" name="update" value="1">
+<input type="hidden" name="token" value="[% token FILTER html %]">
[% FOREACH event = events %]
diff --git a/token.cgi b/token.cgi
index 30913642e..282d2fcbb 100755
--- a/token.cgi
+++ b/token.cgi
@@ -378,7 +378,7 @@ sub confirm_create_account {
cryptpassword => $cgi->param('passwd1')});
# Now delete this token.
- Bugzilla::Token::DeleteToken($::token);
+ delete_token($::token);
# Let the user know that his user account has been successfully created.
$vars->{'message'} = 'account_created';
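Review bot: The new line calls `delete_token($::token)` as a bare function, so under `use strict` it only resolves if `Bugzilla::Token` exports `delete_token` and token.cgi's `use Bugzilla::Token` line (outside this hunk, near the top of the file) imports it; otherwise this is a runtime "Undefined subroutine" on the account-confirmation path, which the old fully-qualified `Bugzilla::Token::DeleteToken` call could not hit. Bugzilla/Token.pm is in the commit's diffstat, so presumably the export was added there — worth confirming, since nothing in this hunk shows it. The enclosing `confirm_create_account` starts before the hunk, and the value being deleted is still the package global `$::token`; if that sub is touched again it would be cleaner to pass the token in as a lexical rather than rely on the global.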