summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@mozilla.com>2016-05-03 15:59:02 +0200
committerDavid Lawrence <dkl@mozilla.com>2016-05-03 15:59:02 +0200
commit64df9b75f1691629a6b7ad234d513d905dba2b2a (patch)
tree0c93e4cadf6fe881f89fffa137db6de783f827f7 /Bugzilla
parentc3b2af3a094fe881a8cd2ab2a01c694ea622e95b (diff)
downloadbugzilla-64df9b75f1691629a6b7ad234d513d905dba2b2a.tar.gz
bugzilla-64df9b75f1691629a6b7ad234d513d905dba2b2a.tar.xz
Bug 1268989 - Inefficient check of "Bugzilla_api_token" might lead to CSRF/data disclosure vulnerability in Bugzilla's REST API
r=dkl
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Auth/Login/Cookie.pm15
1 files changed, 6 insertions, 9 deletions
diff --git a/Bugzilla/Auth/Login/Cookie.pm b/Bugzilla/Auth/Login/Cookie.pm
index b67fb73db..d8bf2f08f 100644
--- a/Bugzilla/Auth/Login/Cookie.pm
+++ b/Bugzilla/Auth/Login/Cookie.pm
@@ -55,15 +55,7 @@ sub get_login_info {
# If the call is for a web service, and an api token is provided, check
# it is valid.
if (i_am_webservice()) {
- if ($login_cookie
- && Bugzilla->usage_mode == USAGE_MODE_REST
- && !exists Bugzilla->input_params->{Bugzilla_api_token})
- {
- # REST requires an api-token when using cookie authentication
- # fall back to a non-authenticated request
- $login_cookie = '';
-
- } elsif (Bugzilla->input_params->{Bugzilla_api_token}) {
+ if (exists Bugzilla->input_params->{Bugzilla_api_token}) {
my $api_token = Bugzilla->input_params->{Bugzilla_api_token};
my ($token_user_id, undef, undef, $token_type)
= Bugzilla::Token::GetTokenData($api_token);
@@ -74,6 +66,11 @@ sub get_login_info {
ThrowUserError('auth_invalid_token', { token => $api_token });
}
}
+ elsif ($login_cookie && Bugzilla->usage_mode == USAGE_MODE_REST) {
+ # REST requires an api-token when using cookie authentication
+ # fall back to a non-authenticated request
+ $login_cookie = '';
+ }
}
}