authorDylan Hardison <dylan@mozilla.com>2016-03-01 14:14:26 +0100
committerDylan Hardison <dylan@mozilla.com>2016-03-01 14:22:04 +0100
commit085c24c80c6a79f21aba768bf16955685dcc47b7 (patch)
tree5c23f767a81b5fcd64adb89d4f74d5e320a053ef /extensions/EditTable/Extension.pm
parente5b9aa6ef469adb5db2ff4b7575342bd79fd450a (diff)
Bug 1252210 - AntiSpam configuration is vulnerable to CSRF and persistent XSS
Diffstat (limited to 'extensions/EditTable/Extension.pm')
-rw-r--r--extensions/EditTable/Extension.pm5
1 files changed, 5 insertions, 0 deletions
diff --git a/extensions/EditTable/Extension.pm b/extensions/EditTable/Extension.pm
index a10a30e57..675b3fe90 100644
--- a/extensions/EditTable/Extension.pm
+++ b/extensions/EditTable/Extension.pm
@@ -23,6 +23,7 @@ use base qw(Bugzilla::Extension);
use Bugzilla::Error;
use Bugzilla::Hook;
+use Bugzilla::Token;
use Bugzilla::Util qw(trick_taint);
use JSON;
use Storable qw(dclone);
@@ -86,6 +87,9 @@ sub page_before_template {
my $data = $input->{table_data};
my $edits = [];
if ($data) {
+ check_hash_token($input->{token}, [$table_name]);
+ delete_token($input->{token});
+
$data = from_json($data)->{data};
$edits = dclone($data);
eval {
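Review bot: `delete_token($input->{token})` on the line after the check does not make the token single-use if, as in core Bugzilla, `issue_hash_token` returns a time-stamped hash that is never stored in the tokens table; the delete then matches no row and the same value stays accepted until the age limit enforced by `check_hash_token` runs out. The CSRF protection itself is still sound because the value cannot be produced without the site secret, so either switch to the stored-token pair `issue_session_token` / `check_token_data` if one-shot semantics are wanted, or drop the `delete_token` line and state the intent: `# CSRF guard: hash token bound to $table_name, validated before any table data is parsed or written.` Performing the check before `from_json` and outside the following `eval` is the right placement, since a bad token must abort the request rather than be swallowed with the parse errors. `page_before_template` starts and ends outside this hunk.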
@@ -170,6 +174,7 @@ sub page_before_template {
$vars->{table_name} = $table_name;
$vars->{blurb} = $table->{blurb};
+ $vars->{token} = issue_hash_token([$table_name]);
$vars->{table_data} = to_json({
fields => \@fields,
id_field => $id_field,