authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editcomponents.cgi
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editcomponents.cgi')
-rwxr-xr-xeditcomponents.cgi20
1 files changed, 14 insertions, 6 deletions
diff --git a/editcomponents.cgi b/editcomponents.cgi
index cc81cece7..2ff41d628 100755
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -39,6 +39,7 @@ use Bugzilla::User;
use Bugzilla::Product;
use Bugzilla::Component;
use Bugzilla::Bug;
+use Bugzilla::Token;
###############
# Subroutines #
@@ -86,6 +87,7 @@ my $product_name = trim($cgi->param('product') || '');
my $comp_name = trim($cgi->param('component') || '');
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of products
@@ -130,7 +132,7 @@ unless ($action) {
#
if ($action eq 'add') {
-
+ $vars->{'token'} = issue_session_token('add_component');
$vars->{'product'} = $product;
$template->process("admin/components/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -145,7 +147,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_component');
# Do the user matching
Bugzilla::User::match_field ($cgi, {
'initialowner' => { 'type' => 'single' },
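Review bot: `check_token_data($token, 'add_component')` is placed before any input validation, which is the correct order for a CSRF guard, but the bare call carries no comment, and the same uncommented call appears in the `delete` and `update` branches in the later hunks (`@@ -279` and `@@ -351`). A one-line comment above each, such as `# Verify the CSRF token before any parameter is validated or written.`, would record why the check must stay first. `$token` is read at `my $token = $cgi->param('token');` with no default, so a request without the parameter arrives as undef; this relies on `check_token_data` rejecting undef or empty tokens, which is not visible here and is worth confirming in Bugzilla::Token. The enclosing `if ($action eq 'new')` block continues past the end of the hunk.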
@@ -244,6 +246,8 @@ if ($action eq 'new') {
$vars->{'comp'} = $component;
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/created.html.tmpl",
$vars)
|| ThrowTemplateError($template->error());
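Review bot: `delete_token($token)` is a plain statement with nothing explaining why the token is consumed only after the component has been created rather than right after `check_token_data`; the same placement recurs in the `delete` and `update` branches (`@@ -313` and `@@ -459`). Because the token survives any `ThrowUserError` raised earlier in the branch, a corrected resubmission of the same form can still succeed, which looks intentional; a comment such as `# Token is single-use: consume it only once the change has been committed.` would record that decision for the next maintainer. Whether the form templates carry the token through an error re-render is outside this diff.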
@@ -260,7 +264,7 @@ if ($action eq 'new') {
#
if ($action eq 'del') {
-
+ $vars->{'token'} = issue_session_token('delete_component');
$vars->{'comp'} =
Bugzilla::Component::check_component($product, $comp_name);
@@ -279,7 +283,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
-
+ check_token_data($token, 'delete_component');
my $component =
Bugzilla::Component::check_component($product, $comp_name);
@@ -313,6 +317,8 @@ if ($action eq 'delete') {
$vars->{'comp'} = $component;
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -327,7 +333,7 @@ if ($action eq 'delete') {
#
if ($action eq 'edit') {
-
+ $vars->{'token'} = issue_session_token('edit_component');
my $component =
Bugzilla::Component::check_component($product, $comp_name);
$vars->{'comp'} = $component;
@@ -351,7 +357,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_component');
# Do the user matching
Bugzilla::User::match_field ($cgi, {
'initialowner' => { 'type' => 'single' },
@@ -459,6 +465,8 @@ if ($action eq 'update') {
$vars->{'initial_cc_names'} =
join(', ', map($_->login, @{$component->initial_cc}));
$vars->{'product'} = $product;
+ delete_token($token);
+
$template->process("admin/components/updated.html.tmpl",
$vars)
|| ThrowTemplateError($template->error());