Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

author: lpsolit%gmail.com <> 2009-02-02 19:33:29 +0100
committer: lpsolit%gmail.com <> 2009-02-02 19:33:29 +0100
commit: dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch)
tree: 2e33c5042d7608871c661a843c3c991da07693d7 /Bugzilla/Template.pm
parent: 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff)
download: bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz
bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 688c53386..8c34bb493 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -41,6 +41,7 @@ use Bugzilla::Util;
 use Bugzilla::User;
 use Bugzilla::Error;
 use Bugzilla::Status;
+use Bugzilla::Token;
 use Bugzilla::Template::Parser;
 
 use Cwd qw(abs_path);
@@ -765,6 +766,9 @@ sub create {
                 return $docs_urlbase;
             },
 
+            # Allow templates to generate a token themselves.
+            'issue_hash_token' => \&Bugzilla::Token::issue_hash_token,
+
             # These don't work as normal constants.
             DB_MODULE        => \&Bugzilla::Constants::DB_MODULE,
             REQUIRED_MODULES =>
author	lpsolit%gmail.com <>	2009-02-02 19:33:29 +0100
committer	lpsolit%gmail.com <>	2009-02-02 19:33:29 +0100
commit	dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch)
tree	2e33c5042d7608871c661a843c3c991da07693d7 /Bugzilla/Template.pm
parent	8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff)
download	bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz