author | Frédéric Buclin <LpSolit@gmail.com> | 2014-04-17 18:11:12 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2014-04-17 18:11:12 +0200 |
commit | 0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 (patch) | |
tree | 5e3a8751012a0c99769129494d1863a3a9ca5d9f /Bugzilla/Auth.pm | |
parent | b639a1a7f4ed58f8d30058509444e44be3095f53 (diff) | |
download | bugzilla-0e390970ba51b14a5dc780be7c6f0d6d7baa67e3.tar.gz bugzilla-0e390970ba51b14a5dc780be7c6f0d6d7baa67e3.tar.xz |
Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection
r=dkl a=justdave
Diffstat (limited to 'Bugzilla/Auth.pm')
-rw-r--r-- | Bugzilla/Auth.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm
index 6b291d8ae..42e4ee784 100644
--- a/Bugzilla/Auth.pm
+++ b/Bugzilla/Auth.pm
@@ -153,7 +153,7 @@ sub _handle_login_result {
 if ($self->{_info_getter}->{successful}->requires_persistence
 and !Bugzilla->request_cache->{auth_no_automatic_login})
 {
- $self->{_persister}->persist_login($user);
+ $user->{_login_token} = $self->{_persister}->persist_login($user);
 }
 }
 elsif ($fail_code == AUTH_ERROR) { |
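Review bot: The new assignment `$user->{_login_token} = $self->{_persister}->persist_login($user);` turns the return value of persist_login() into a contract that nothing in this hunk documents or checks, so a persister whose persist_login() returns something other than the token would silently leave a wrong or undef value on the user object. The token is also set only inside the `requires_persistence` / `auth_no_automatic_login` branch, so any code that reads `_login_token` later has to treat undef as a normal case rather than an error. Because this value is presumably the session credential, it should be kept out of anything that dumps, logs or serializes the user object. I would add a comment above the line such as `# persist_login() must return the login token; it is a session secret and stays undef when the login is not persisted.` _handle_login_result begins and ends outside the hunk, and the diffstat is limited to Bugzilla/Auth.pm, so the consumers of the token are not visible here.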