Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options

[r=LpSolit a=LpSolit]
author: Reed Loden <reed@reedloden.com> 2012-05-29 17:23:18 +0200
committer: Reed Loden <reed@reedloden.com> 2012-05-29 17:23:18 +0200
commit: 6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd (patch)
tree: 4d43b6272f1889ad125b93539a2b5420c5d3202c /buglist.cgi
parent: 3004a5e322c3a95c7e51978b917f1547c382bac9 (diff)
download: bugzilla-6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd.tar.gz
bugzilla-6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/buglist.cgi b/buglist.cgi
index d4ddfbd63..fcd268959 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -461,6 +461,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
     if ($cgi->param('remtype') eq "asdefault") {
         $user = Bugzilla->login(LOGIN_REQUIRED);
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['searchknob']);
         InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
         $vars->{'message'} = "buglist_new_default_query";
     }
author	Reed Loden <reed@reedloden.com>	2012-05-29 17:23:18 +0200
committer	Reed Loden <reed@reedloden.com>	2012-05-29 17:23:18 +0200
commit	6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd (patch)
tree	4d43b6272f1889ad125b93539a2b5420c5d3202c /buglist.cgi
parent	3004a5e322c3a95c7e51978b917f1547c382bac9 (diff)
download	bugzilla-6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd.tar.gz bugzilla-6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd.tar.xz