diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:06:00 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:06:00 +0100 |
| commit | 80882f085e8918346ddb0ec3250f0d31ddaba5e6 (patch) | |
| tree | 1dc6042750defd5f415f15144252730054073089 /enter_bug.cgi | |
| parent | 4d99c123ee568e5a548968de8417ebc70a24efe4 (diff) | |
| download | bugzilla-80882f085e8918346ddb0ec3250f0d31ddaba5e6.tar.gz bugzilla-80882f085e8918346ddb0ec3250f0d31ddaba5e6.tar.xz | |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'enter_bug.cgi')
| -rwxr-xr-x | enter_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index ffba2b09f..4778e4418 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -395,7 +395,7 @@ $vars->{'qa_contact_disabled'} = !$has_editbugs; $vars->{'cloned_bug_id'} = $cloned_bug_id; -$vars->{'token'} = issue_session_token('createbug:'); +$vars->{'token'} = issue_session_token('create_bug'); my @enter_bug_fields = grep { $_->enter_bug } Bugzilla->active_custom_fields; |