summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editusers.cgi
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
downloadbugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz
bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.xz
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi19
1 files changed, 19 insertions, 0 deletions
diff --git a/editusers.cgi b/editusers.cgi
index f30c66746..19e7ea587 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -33,6 +33,7 @@ use Bugzilla::BugMail;
use Bugzilla::Flag;
use Bugzilla::Field;
use Bugzilla::Group;
+use Bugzilla::Token;
my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -57,6 +58,7 @@ print $cgi->header();
my $action = $cgi->param('action') || 'search';
my $otherUserID = $cgi->param('userid');
my $otherUserLogin = $cgi->param('user');
+my $token = $cgi->param('token');
# Prefill template vars with data used in all or nearly all templates
$vars->{'editusers'} = $editusers;
@@ -183,6 +185,8 @@ if ($action eq 'search') {
action => "add",
object => "users"});
+ $vars->{'token'} = issue_session_token('add_user');
+
$template->process('admin/users/create.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
@@ -192,6 +196,8 @@ if ($action eq 'search') {
action => "add",
object => "users"});
+ check_token_data($token, 'add_user');
+
my $new_user = Bugzilla::User->create({
login_name => scalar $cgi->param('login'),
cryptpassword => scalar $cgi->param('password'),
@@ -201,6 +207,10 @@ if ($action eq 'search') {
userDataToVars($new_user->id);
+ delete_token($token);
+
+ # We already display the updated page. We have to recreate a token now.
+ $vars->{'token'} = issue_session_token('edit_user');
$vars->{'message'} = 'account_created';
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
@@ -212,6 +222,7 @@ if ($action eq 'search') {
###########################################################################
} elsif ($action eq 'update') {
+ check_token_data($token, 'edit_user');
my $otherUser = check_user($otherUserID, $otherUserLogin);
$otherUserID = $otherUser->id;
@@ -388,6 +399,7 @@ if ($action eq 'search') {
# XXX: userDataToVars may be off when editing ourselves.
userDataToVars($otherUserID);
+ delete_token($token);
$vars->{'message'} = 'account_updated';
$vars->{'loginold'} = $otherUser->login;
@@ -396,6 +408,9 @@ if ($action eq 'search') {
$vars->{'groups_removed_from'} = \@groupsRemovedFrom;
$vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless;
$vars->{'groups_denied_rights_to_bless'} = \@groupsDeniedRightsToBless;
+ # We already display the updated page. We have to recreate a token now.
+ $vars->{'token'} = issue_session_token('edit_user');
+
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
@@ -479,12 +494,14 @@ if ($action eq 'search') {
AND mailto_type = ?
},
undef, ($otherUserID, MAILTO_USER));
+ $vars->{'token'} = issue_session_token('delete_user');
$template->process('admin/users/confirm-delete.html.tmpl', $vars)
|| ThrowTemplateError($template->error());
###########################################################################
} elsif ($action eq 'delete') {
+ check_token_data($token, 'delete_user');
my $otherUser = check_user($otherUserID, $otherUserLogin);
$otherUserID = $otherUser->id;
@@ -707,6 +724,7 @@ if ($action eq 'search') {
$dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID);
$dbh->bz_unlock_tables();
+ delete_token($token);
$vars->{'message'} = 'account_deleted';
$vars->{'otheruser'}{'login'} = $otherUser->login;
@@ -857,6 +875,7 @@ sub edit_processing {
object => "user"});
userDataToVars($otherUser->id);
+ $vars->{'token'} = issue_session_token('edit_user');
$template->process('admin/users/edit.html.tmpl', $vars)
|| ThrowTemplateError($template->error());