author | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
commit | 534fc2123e40b7517aeaffd709faf72af97ac3b8 (patch) | |
tree | 18ad69c8fb22e213ee3256c0768e35dd964d2156 /Bugzilla.pm | |
parent | 67d9618771441215d8c431b81bf66acd4faa2aa1 (diff) | |
Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code
Diffstat (limited to 'Bugzilla.pm')
-rw-r--r-- | Bugzilla.pm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index 96f7cd0d2..a219d5bde 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -353,6 +353,16 @@ sub page_requires_login {
 return $_[0]->request_cache->{page_requires_login};
 }
+sub github_secret {
+ my ($class) = @_;
+ my $cache = $class->request_cache;
+ my $cgi = $class->cgi;
+
+ $cache->{github_secret} //= $cgi->cookie('github_secret') // generate_random_password(16);
+
+ return $cache->{github_secret};
+}
+
 sub login {
 my ($class, $type) = @_; |
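Review bot: In `github_secret`, whatever `$cgi->cookie('github_secret')` returns is accepted as the secret whenever it is defined, because `//` only falls back on undef; an empty or malformed cookie sent by the client is therefore cached and returned instead of a freshly generated value. If this value is what the GitHub OAuth return is checked against (the caller is not in this file, so that is an assumption), it should be validated before use, e.g. `my $secret = $cgi->cookie('github_secret');` followed by `$secret = generate_random_password(16) unless defined $secret && length($secret) == 16;`, and only then stored in `$cache->{github_secret}`. The code that sets this cookie is outside the diff shown here; it is worth confirming there that it is sent with the secure and httponly flags and that the comparison against it happens server-side. A short POD entry for the new class method would also help, noting that the value comes from the requesting browser's cookie and is cached only for the current request.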