diff options
| author | lpsolit%gmail.com <> | 2008-11-06 01:38:49 +0100 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2008-11-06 01:38:49 +0100 |
| commit | c4c473b908a62eaf839a61b657397a9c66b1f82c (patch) | |
| tree | f7672c20a23ed8f6bdbbe37bc4705b00d4a6673e | |
| parent | bbc78743ea55f5907dc7d37fb65020a0b6f26c9e (diff) | |
| download | bugzilla-c4c473b908a62eaf839a61b657397a9c66b1f82c.tar.gz bugzilla-c4c473b908a62eaf839a61b657397a9c66b1f82c.tar.xz | |
Bug 449931: [SECURITY] Unprivileged users can approve/unapprove all the quips (including bypassing moderation) - Patch by Robin H. Johnson <robbat2@gentoo.org> r/a=LpSolit
| -rwxr-xr-x | quips.cgi | 22 | ||||
| -rw-r--r-- | template/en/default/global/user-error.html.tmpl | 2 | ||||
| -rw-r--r-- | template/en/default/list/quips.html.tmpl | 3 |
3 files changed, 22 insertions, 5 deletions
@@ -88,6 +88,11 @@ if ($action eq "add") { } if ($action eq 'approve') { + $user->in_group('admin') + || ThrowUserError("auth_failure", {group => "admin", + action => "approve", + object => "quips"}); + # Read in the entire quip list my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips"); @@ -100,11 +105,18 @@ if ($action eq 'approve') { my @approved; my @unapproved; foreach my $quipid (keys %quips) { - my $form = $cgi->param('quipid_'.$quipid) ? 1 : 0; - if($quips{$quipid} ne $form) { - if($form) { push(@approved, $quipid); } - else { push(@unapproved, $quipid); } - } + # Must check for each quipid being defined for concurrency and + # automated usage where only one quipid might be defined. + my $quip = $cgi->param("quipid_$quipid") ? 1 : 0; + if(defined($cgi->param("defined_quipid_$quipid"))) { + if($quips{$quipid} != $quip) { + if($quip) { + push(@approved, $quipid); + } else { + push(@unapproved, $quipid); + } + } + } } $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" . join(",", @approved) . ")") if($#approved > -1); diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index f4ea42ccf..0936847f5 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -146,6 +146,8 @@ schedule [% ELSIF action == "use" %] use + [% ELSIF action == "approve" %] + approve [% END %] [% IF object == "administrative_pages" %] diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl index b8359ffc6..1404b2e35 100644 --- a/template/en/default/list/quips.html.tmpl +++ b/template/en/default/list/quips.html.tmpl @@ -124,6 +124,9 @@ </a> </td> <td> + <input type="hidden" name="defined_quipid_[% quipid FILTER html %]" + id="defined_quipid_[% quipid FILTER html %]" + value="1"> <input type="checkbox" name="quipid_[% quipid FILTER html %]" id="quipid_[% quipid FILTER html %]" [%- ' checked="checked"' IF quips.$quipid.approved %]> |