summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2011-12-13 23:30:07 +0100
committerReed Loden <reed@reedloden.com>2011-12-13 23:30:07 +0100
commita6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1 (patch)
tree4fd1b57b81d9467912099f4ac3b71fd9af0abd3a /Bugzilla
parent0133e0b65b1d73d87604b9f94b92c712206137e3 (diff)
downloadbugzilla-a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1.tar.gz
bugzilla-a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1.tar.xz
Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible unauthorized account creation e-mail request
[r=mkanat a=mkanat]
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Token.pm9
1 files changed, 7 insertions, 2 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 86220aa29..2bb68e721 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -176,9 +176,14 @@ sub issue_hash_token {
$data ||= [];
$time ||= time();
+ # For the user ID, use the actual ID if the user is logged in.
+ # Otherwise, use the remote IP, in case this is for something
+ # such as creating an account or logging in.
+ my $user_id = Bugzilla->user->id || remote_ip();
+
# The concatenated string is of the form
- # token creation time + site-wide secret + user ID + data
- my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data);
+ # token creation time + site-wide secret + user ID (either ID or remote IP) + data
+ my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data);
my $token = join('*', @args);
# Wide characters cause md5_hex() to die.