Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by FrÃ©dÃ©ric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit

author: lpsolit%gmail.com <> 2009-02-02 19:33:29 +0100
committer: lpsolit%gmail.com <> 2009-02-02 19:33:29 +0100
commit: dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch)
tree: 2e33c5042d7608871c661a843c3c991da07693d7 /buglist.cgi
parent: 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff)
download: bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz
bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/buglist.cgi b/buglist.cgi
index d51112a5c..f5284439c 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Status;
+use Bugzilla::Token;
 
 use Date::Parse;
 
@@ -1241,6 +1242,7 @@ if ($dotweak && scalar @bugs) {
     }
     $vars->{'dotweak'} = 1;
     $vars->{'use_keywords'} = 1 if Bugzilla::Keyword::keyword_count();
+    $vars->{'token'} = issue_session_token('buglist_mass_change');
 
     $vars->{'products'} = Bugzilla->user->get_enterable_products;
     $vars->{'platforms'} = get_legal_field_values('rep_platform');
author	lpsolit%gmail.com <>	2009-02-02 19:33:29 +0100
committer	lpsolit%gmail.com <>	2009-02-02 19:33:29 +0100
commit	dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch)
tree	2e33c5042d7608871c661a843c3c991da07693d7 /buglist.cgi
parent	8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff)
download	bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz