Bug 1157395: CSRF in log in form

author: David Lawrence <dkl@mozilla.com> 2015-04-24 17:56:26 +0200
committer: David Lawrence <dkl@mozilla.com> 2015-04-24 17:56:26 +0200
commit: 283be21f66e638667bc2ec7720cab459ecf1f698 (patch)
tree: cdbfbb79d503373bb2058a96f369cf75542dbe3b /Bugzilla/CGI.pm
parent: ed92da4fed393bb0f645f7bad022d49fed336a2f (diff)
download: bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.gz
bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index a12fb284b..552da28ea 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -331,6 +331,7 @@ sub close_standby_message {
 # Override header so we can add the cookies in
 sub header {
     my $self = shift;
+    my $user = Bugzilla->user;
 
     # If there's only one parameter, then it's a Content-Type.
     if (scalar(@_) == 1) {
@@ -338,6 +339,18 @@ sub header {
         unshift(@_, '-type' => shift(@_));
     }
 
+    if (!$user->id && $user->authorizer->can_login
+        && !$self->cookie('Bugzilla_login_request_cookie'))
+    {
+        my %args;
+        $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect};
+
+        $self->send_cookie(-name => 'Bugzilla_login_request_cookie',
+                           -value => generate_random_password(),
+                           -httponly => 1,
+                           %args);
+    }
+
     # Add the cookies in if we have any
     if (scalar(@{$self->{Bugzilla_cookie_list}})) {
         unshift(@_, '-cookie' => $self->{Bugzilla_cookie_list});
author	David Lawrence <dkl@mozilla.com>	2015-04-24 17:56:26 +0200
committer	David Lawrence <dkl@mozilla.com>	2015-04-24 17:56:26 +0200
commit	283be21f66e638667bc2ec7720cab459ecf1f698 (patch)
tree	cdbfbb79d503373bb2058a96f369cf75542dbe3b /Bugzilla/CGI.pm
parent	ed92da4fed393bb0f645f7bad022d49fed336a2f (diff)
download	bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.gz bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.xz