diff options
| author | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-28 17:38:31 +0100 |
|---|---|---|
| committer | Dave Lawrence <dlawrence@mozilla.com> | 2011-11-28 17:38:31 +0100 |
| commit | faac5e70ce92133773a2043619f9f23870beb14b (patch) | |
| tree | 6f7a03e9e4c14cfa2ee701622f79af9a449ad97e /enter_bug.cgi | |
| parent | 4e01a91159acec1075c5d156e2e9c956167696c0 (diff) | |
| download | bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.gz bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.xz | |
Bug 704308 - CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
Diffstat (limited to 'enter_bug.cgi')
| -rwxr-xr-x | enter_bug.cgi | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/enter_bug.cgi b/enter_bug.cgi index 85e69e535..7a471ab95 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -225,7 +225,7 @@ $vars->{'qa_contact_disabled'} = !$has_editbugs; $vars->{'cloned_bug_id'} = $cloned_bug_id; -$vars->{'token'} = issue_session_token('createbug:'); +$vars->{'token'} = issue_session_token('create_bug'); my @enter_bug_fields = grep { $_->enter_bug } Bugzilla->active_custom_fields; |