path: root/Bugzilla/CGI.pm
authorFrédéric Buclin <LpSolit@gmail.com>2014-04-17 18:11:12 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2014-04-17 18:11:12 +0200
commit0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 (patch)
tree5e3a8751012a0c99769129494d1863a3a9ca5d9f /Bugzilla/CGI.pm
parentb639a1a7f4ed58f8d30058509444e44be3095f53 (diff)
Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection
r=dkl a=justdave
Diffstat (limited to 'Bugzilla/CGI.pm')
-rw-r--r--Bugzilla/CGI.pm15
1 files changed, 14 insertions, 1 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index d7e81d793..48b4fb0bf 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -291,7 +291,8 @@ sub header {
my $self = shift;
my %headers;
-
+ my $user = Bugzilla->user;
+
# If there's only one parameter, then it's a Content-Type.
if (scalar(@_) == 1) {
%headers = ('-type' => shift(@_));
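Review bot: `my $user = Bugzilla->user;` is now evaluated at the top of header() on every call, yet it is only consumed by the `!$user->id && $user->authorizer->can_login` check added in the second hunk; declaring it immediately before that check would keep the one-argument Content-Type path (`%headers = ('-type' => shift(@_));`) free of any dependence on user setup. If header() can be reached before the user object is fully initialised (for instance while emitting an early error page), this eager lookup presumably becomes the first code to touch it, so it is worth confirming that `Bugzilla->user` is safe to call unconditionally here. The body of header() continues past the end of this hunk.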
@@ -304,6 +305,18 @@ sub header {
$headers{'-content_disposition'} = $self->{'_content_disp'};
}
+ if (!$user->id && $user->authorizer->can_login
+ && !$self->cookie('Bugzilla_login_request_cookie'))
+ {
+ my %args;
+ $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect};
+
+ $self->send_cookie(-name => 'Bugzilla_login_request_cookie',
+ -value => generate_random_password(),
+ -httponly => 1,
+ %args);
+ }
+
# Add the cookies in if we have any
if (scalar(@{$self->{Bugzilla_cookie_list}})) {
$headers{'-cookie'} = $self->{Bugzilla_cookie_list};