author | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2015-11-05 06:28:14 +0100 |
commit | 534fc2123e40b7517aeaffd709faf72af97ac3b8 (patch) | |
tree | 18ad69c8fb22e213ee3256c0768e35dd964d2156 /Bugzilla/Token.pm | |
parent | 67d9618771441215d8c431b81bf66acd4faa2aa1 (diff) | |
download | bugzilla-534fc2123e40b7517aeaffd709faf72af97ac3b8.tar.gz bugzilla-534fc2123e40b7517aeaffd709faf72af97ac3b8.tar.xz |
Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code
Diffstat (limited to 'Bugzilla/Token.pm')
-rw-r--r-- | Bugzilla/Token.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 3c5261821..6e3095549 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -237,7 +237,7 @@ sub issue_short_lived_session_token { # the token to the caller. $user //= Bugzilla->user; - return _create_token($user->id, 'session.short', $data); + return _create_token($user->id ? $user->id : undef, 'session.short', $data); } sub issue_hash_token { |
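Review bot: The new argument `$user->id ? $user->id : undef` in issue_short_lived_session_token carries no comment saying why a false id has to become undef before it reaches _create_token, so the line does not read as a security fix and could be "simplified" back to `$user->id` later. Please add a one-line comment above the return stating that a logged-out user must produce a token with no user id rather than a false one, and consider the shorter `$user->id || undef`, which evaluates the accessor once. Since the normalisation is done at this call site only, it is also worth checking whether other callers of _create_token pass `$user->id` directly, and if so whether the conversion belongs inside _create_token instead.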