author | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 19:00:42 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-04-18 19:00:42 +0200 |
commit | af3e4c43b0ad6267669d2e987d6ae3acdde70253 (patch) | |
tree | 00198b476d3e16235d38b5c92e8d83a074fff41d /buglist.cgi | |
parent | 935031c50d693cb8d8a1c4c8e1567df6310766da (diff) | |
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/buglist.cgi b/buglist.cgi index ca51e6243..d4ddfbd63 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -112,16 +112,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") { $cgi->param('ctype', "atom"); } -# The js ctype presents a security risk; a malicious site could use it -# to gather information about secure bugs. So, we only allow public bugs to be -# retrieved with this format. -# -# Note that if and when this call clears cookies or has other persistent -# effects, we'll need to do this another way instead. -if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) { - Bugzilla->logout_request(); -} - # An agent is a program that automatically downloads and extracts data # on its user's behalf. If this request comes from an agent, we turn off # various aspects of bug list functionality so agent requests succeed |
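
Review bot: with the `ctype eq "js"` block deleted and zero insertions in buglist.cgi, nothing left in this file keeps a `ctype=js` request from running under the caller's logged-in session. The removed comment names the risk (a malicious site using the js format to gather information about secure bugs), so the fix rests entirely on changes that this view, limited to buglist.cgi, does not show. Please confirm that the same commit removes or disables the js buglist format itself, and that a request with `ctype=js` now fails cleanly instead of being served with the user's privileges. If the format is gone, a short comment near the `ctype` handling saying that js is intentionally unsupported, with a reference to bug 745397, would help prevent it from being reintroduced without the guard. A regression test that requests `ctype=js` as a logged-in user and checks that no restricted bug data is returned would also be worth adding.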