diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
| commit | 92cb17e05cecb4093ee9e189347ba66b8844528a (patch) | |
| tree | 7129cf8b6398e67276a17856804d4a157c4b7fa1 /enter_bug.cgi | |
| parent | 92308c08cfd6608383be7faf90318f620ed5f4dc (diff) | |
| download | bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.gz bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.xz | |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'enter_bug.cgi')
| -rwxr-xr-x | enter_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index 4ef886741..2337de120 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -207,7 +207,7 @@ $vars->{'qa_contact_disabled'} = !$has_editbugs; $vars->{'cloned_bug_id'} = $cloned_bug_id; -$vars->{'token'} = issue_session_token('createbug:'); +$vars->{'token'} = issue_session_token('create_bug'); my @enter_bug_fields = grep { $_->enter_bug } Bugzilla->active_custom_fields; |