authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editproducts.cgi
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
downloadbugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz
bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.xz
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-xeditproducts.cgi26
1 files changed, 19 insertions, 7 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index 4c4394926..6fc5da258 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Milestone;
use Bugzilla::Group;
use Bugzilla::User;
use Bugzilla::Field;
+use Bugzilla::Token;
#
# Preliminary checks:
@@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || '');
my $product_name = trim($cgi->param('product') || '');
my $action = trim($cgi->param('action') || '');
my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
#
# product = '' -> Show nice list of classifications (if
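Review bot: `my $token = $cgi->param('token');` is the only parameter in this run read without the `trim(... || '')` wrapper the three lines above it use, and nothing says why. Presumably that is deliberate, since `check_token_data` (not visible here) is what validates the value and a trimmed or defaulted token would only mask a missing one rather than help; a one-line comment such as `# read raw on purpose: validated by check_token_data() before any state change` would save the next reader the question.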
@@ -128,12 +130,13 @@ if (!$action && !$product_name) {
#
if ($action eq 'add') {
-
if (Bugzilla->params->{'useclassification'}) {
my $classification =
Bugzilla::Classification::check_classification($classification_name);
$vars->{'classification'} = $classification;
}
+ $vars->{'token'} = issue_session_token('add_product');
+
$template->process("admin/products/create.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
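Review bot: The token issued at `$vars->{'token'} = issue_session_token('add_product');` only protects the 'new' action if `admin/products/create.html.tmpl` sends it back as a hidden `token` field, and this diffstat is limited to editproducts.cgi, so that template change cannot be confirmed from here. The same dependency exists for the tokens handed to confirm-delete.html.tmpl, edit.html.tmpl and the groupcontrol edit template later in this diff. If the templates were not updated in the same commit, every submit would fail at `check_token_data($token, 'add_product');` and its siblings.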
@@ -146,7 +149,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
-
+ check_token_data($token, 'add_product');
# Cleanups and validity checks
my $classification_id = 1;
@@ -306,6 +309,8 @@ if ($action eq 'new') {
$series->writeToDatabase();
}
}
+ delete_token($token);
+
$vars->{'product'} = $product;
$template->process("admin/products/created.html.tmpl", $vars)
@@ -339,6 +344,7 @@ if ($action eq 'del') {
}
$vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('delete_product');
$template->process("admin/products/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
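Review bot: `issue_session_token('delete_product')` is keyed only by the event name, so, as far as this hunk shows, a token minted on one product's confirmation page would be equally accepted when 'delete' is later invoked with a different `product` parameter; the binding is to the session and the event, not to the object being deleted. That presumably still stops cross-site forgery, since the token value itself is the secret, but it is weaker than the confirmation page implies. Whether Bugzilla::Token can bind extra data to a token is not visible here; if it can, a short comment recording that product binding was considered would be worth adding next to this line.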
@@ -350,6 +356,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_product');
# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
@@ -413,6 +420,8 @@ if ($action eq 'delete') {
$dbh->bz_unlock_tables();
+ delete_token($token);
+
$template->process("admin/products/deleted.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
exit;
@@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) {
}
}
$vars->{'group_controls'} = $group_controls;
-
$vars->{'product'} = $product;
-
+ $vars->{'token'} = issue_session_token('edit_product');
+
$template->process("admin/products/edit.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
@@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) {
#
if ($action eq 'updategroupcontrols') {
+ check_token_data($token, 'edit_group_controls');
# First make sure the product name is valid.
my $product = Bugzilla::Product::check_product($product_name);
@@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') {
}
$dbh->bz_unlock_tables();
- $vars->{'removed_na'} = \@removed_na;
+ delete_token($token);
+ $vars->{'removed_na'} = \@removed_na;
$vars->{'added_mandatory'} = \@added_mandatory;
-
$vars->{'product'} = $product;
$template->process("admin/products/groupcontrol/updated.html.tmpl", $vars)
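Review bot: The `$vars->{'removed_na'} = \@removed_na;` line is removed and re-added unchanged around the new `delete_token($token);`, which makes the hunk read as a logic change where there is none; inserting the call above the existing line would leave a one-line addition. If the re-added line differs only in indentation, the rendered diff does not show it and this is moot.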
@@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') {
# action='update' -> update the product
#
if ($action eq 'update') {
-
+ check_token_data($token, 'edit_product');
my $product_old_name = trim($cgi->param('product_old_name') || '');
my $description = trim($cgi->param('description') || '');
my $disallownew = trim($cgi->param('disallownew') || '');
@@ -980,6 +990,7 @@ if ($action eq 'update') {
$vars->{'confirmedbugs'} = \@updated_bugs;
$vars->{'changer'} = $user->login;
}
+ delete_token($token);
$vars->{'old_product'} = $product_old;
$vars->{'product'} = $product;
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') {
$vars->{'product'} = $product;
$vars->{'groups'} = $groups;
+ $vars->{'token'} = issue_session_token('edit_group_controls');
$vars->{'const'} = {
'CONTROLMAPNA' => CONTROLMAPNA,