authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editwhines.cgi
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editwhines.cgi')
-rwxr-xr-xeditwhines.cgi7
1 files changed, 6 insertions, 1 deletions
diff --git a/editwhines.cgi b/editwhines.cgi
index 800c5385a..ba39b543d 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Group;
+use Bugzilla::Token;
# require the user to have logged in
my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -49,7 +50,7 @@ my $vars = {};
my $dbh = Bugzilla->dbh;
my $userid = $user->id;
-
+my $token = $cgi->param('token');
my $sth; # database statement handle
# $events is a hash ref, keyed by event id, that stores the active user's
@@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
# removed, then what was altered.
if ($cgi->param('update')) {
+ check_token_data($token, 'edit_whine');
+
if ($cgi->param("add_event")) {
# we create a new event
$sth = $dbh->prepare("INSERT INTO whine_events " .
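Review bot: The `check_token_data($token, 'edit_whine');` call placed directly under `if ($cgi->param('update')) {` carries no comment saying why it must run before every branch of the update block, so a later maintainer could move it or add a branch above it without realising it is the anti-CSRF guard for bug 281181; I would add `# Bug 281181: refuse any change to whine_events unless the form carried a valid 'edit_whine' token.` above the call. The matching `delete_token($token);` in the hunk at `@@ -349,6 +352,7` sits at the very end of the same block, so a request that throws inside one of the branches leaves its token undeleted until it expires — presumably intended (the token is only consumed on the success path), but worth a one-line comment there too. The `if` block opened here continues past the end of this hunk.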
@@ -349,6 +352,7 @@ if ($cgi->param('update')) {
}
}
}
+ delete_token($token);
}
$vars->{'mail_others'} = $can_mail_others;
@@ -436,6 +440,7 @@ $vars->{'available_queries'} = [];
while (my ($query) = $sth->fetchrow_array) {
push @{$vars->{'available_queries'}}, $query;
}
+$vars->{'token'} = issue_session_token('edit_whine');
$template->process("whine/schedule.html.tmpl", $vars)
|| ThrowTemplateError($template->error());