author | lpsolit%gmail.com <> | 2009-02-02 19:33:29 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 19:33:29 +0100 |
commit | dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch) | |
tree | 2e33c5042d7608871c661a843c3c991da07693d7 /Bugzilla/Install | |
parent | 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff) | |
Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla/Install')
-rw-r--r-- | Bugzilla/Install/Localconfig.pm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index 45005f032..654b44b9f 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -32,6 +32,7 @@ use strict;
 use Bugzilla::Constants;
 use Bugzilla::Install::Util qw(bin_loc);
+use Bugzilla::Util qw(generate_random_password);
 use Data::Dumper;
 use File::Basename qw(dirname);
@@ -185,6 +186,18 @@ EOT
 # Please specify the directory name only; do not use trailing slash.
 EOT
 },
+ {
+ name => 'site_wide_secret',
+ default => generate_random_password(256),
+ desc => <<EOT
+# This secret key is used by your installation for the creation and
+# validation of encrypted tokens to prevent unsolicited changes,
+# such as bug changes. A random string is generated by default.
+# It's very important that this key is kept secret. It also must be
+# very long.
+
+EOT
+ },
 );
 sub read_localconfig { |
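Review bot: The strength of `site_wide_secret` in the second hunk rests entirely on `generate_random_password(256)`, whose implementation is outside this diff; if it draws its characters from Perl's built-in `rand()`, the 256-character string carries no more entropy than the PRNG seed, and tokens keyed with it are only as unpredictable as that seed. Confirm the helper uses a cryptographically secure source, or record the requirement next to the default with a comment such as `# generate_random_password() must draw from a CSPRNG; this value keys the change-validation tokens`. The default is also computed when the list is built rather than on demand; if the surrounding code accepts a code reference here (not visible in this hunk), `default => sub { generate_random_password(256) },` would avoid generating a throwaway secret each time the module is loaded. The list this entry is added to begins above the hunk.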