author | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
committer | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /editkeywords.cgi | |
parent | 6fcfcb93eda16108f71b4c96010bae95cde622cd (diff) | |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editkeywords.cgi')
-rwxr-xr-x | editkeywords.cgi | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/editkeywords.cgi b/editkeywords.cgi
index bf130768e..3aca22e43 100755
--- a/editkeywords.cgi
+++ b/editkeywords.cgi
@@ -28,6 +28,7 @@ use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Keyword;
+use Bugzilla::Token;
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -49,6 +50,8 @@ $user->in_group('editkeywords')
 my $action = trim($cgi->param('action') || '');
 my $key_id = $cgi->param('id');
+my $token = $cgi->param('token');
+
 $vars->{'action'} = $action;
@@ -64,6 +67,8 @@ if ($action eq "") {
 if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_keyword');
+
 print $cgi->header();
 $template->process("admin/keywords/create.html.tmpl", $vars)
@@ -76,12 +81,15 @@ if ($action eq 'add') {
 # action='new' -> add keyword entered in the 'action=add' screen
 #
 if ($action eq 'new') {
+ check_token_data($token, 'add_keyword');
 my $name = $cgi->param('name') || '';
 my $desc = $cgi->param('description') || '';
 my $keyword = Bugzilla::Keyword->create( { name => $name, description => $desc });
+ delete_token($token);
+
 print $cgi->header();
 $vars->{'name'} = $keyword->name;
@@ -104,6 +112,7 @@ if ($action eq 'edit') {
 || ThrowCodeError('invalid_keyword_id', { id => $key_id });
 $vars->{'keyword'} = $keyword;
+ $vars->{'token'} = issue_session_token('edit_keyword');
 print $cgi->header();
 $template->process("admin/keywords/edit.html.tmpl", $vars)
@@ -117,6 +126,7 @@ if ($action eq 'edit') {
 #
 if ($action eq 'update') {
+ check_token_data($token, 'edit_keyword');
 my $keyword = new Bugzilla::Keyword($key_id)
 || ThrowCodeError('invalid_keyword_id', { id => $key_id });
@@ -124,6 +134,8 @@ if ($action eq 'update') {
 $keyword->set_description($cgi->param('description'));
 $keyword->update();
+ delete_token($token);
+
 print $cgi->header();
 $vars->{'keyword'} = $keyword;
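Review bot: The new `my $token = $cgi->param('token');` line in the second hunk introduces the value every later `check_token_data` call depends on, yet nothing says where it comes from or that it must be treated as untrusted request input until validated. A short comment would save the next maintainer from reusing the variable for something else: `# Anti-CSRF token submitted with the form; it was minted by issue_session_token() on the add/edit page and is validated by check_token_data() before any state change below.` The `add`/`new` and `edit`/`update` pairs in the later hunks look consistent (issue on the form page, check then delete on submit), so the comment only needs to state that contract once. The action handlers themselves start and end outside the hunks shown here.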
@@ -140,16 +152,25 @@ if ($action eq 'delete') {
 $vars->{'keyword'} = $keyword;
+ # We need this token even if there is no bug using this keyword.
+ $token = issue_session_token('delete_keyword');
+
 if (!$cgi->param('reallydelete') && $keyword->bug_count) {
+ $vars->{'token'} = $token;
+
 print $cgi->header();
 $template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
 exit;
 }
+ # We cannot do this check earlier as we have to check 'reallydelete' first.
+ check_token_data($token, 'delete_keyword');
 $dbh->do('DELETE FROM keywords WHERE keywordid = ?', undef, $keyword->id);
 $dbh->do('DELETE FROM keyworddefs WHERE id = ?', undef, $keyword->id);
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/keywords/rebuild-cache.html.tmpl", $vars) |
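Review bot: The token check on the delete path does not protect anything: `$token = issue_session_token('delete_keyword');` unconditionally overwrites the value read from the request (`my $token = $cgi->param('token');` earlier in the file) before `check_token_data($token, 'delete_keyword')` runs, so the check validates a token minted in the same request and always passes for a logged-in admin, and a cross-site `action=delete&id=...&reallydelete=1` request (or any keyword with no bugs) still deletes with no token at all. Mint the token only where the confirmation form is rendered and validate the submitted one: replace `$vars->{'token'} = $token;` with `$vars->{'token'} = issue_session_token('delete_keyword');`, drop the unconditional assignment and its comment, and leave `check_token_data($token, 'delete_keyword');` operating on the request parameter. That makes the no-bugs shortcut require a token too, so the list page link or a confirmation form must supply one; the templates are not visible here, so that part needs confirming. The enclosing `if ($action eq 'delete')` block starts and ends outside the hunk.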