Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code

1 files changed, 1 insertions, 14 deletions

diff --git a/extensions/GitHubAuth/Extension.pm b/extensions/GitHubAuth/Extension.pm
index d68934be4..b813689cd 100644
--- a/extensions/GitHubAuth/Extension.pm
+++ b/extensions/GitHubAuth/Extension.pm
@@ -12,7 +12,6 @@ use strict;
 use parent qw(Bugzilla::Extension);
 
 use Bugzilla::Extension::GitHubAuth::Client;
-use Bugzilla::Extension::GitHubAuth::Util qw(target_uri);
 
 use Bugzilla::Error;
 use Bugzilla::Util qw(trick_taint);
@@ -30,7 +29,7 @@ BEGIN {
         my ($stack, $method) = @_;
 
         return undef if $method eq 'fail_nodata';
-        return $stack->UNIVERSAL::can($method);
+        return $stack->SUPER::can($method);
     };
 }
 
@@ -42,18 +41,6 @@ sub install_before_final_checks {
     }) unless Bugzilla::Group->new({ name => 'no-github-auth' });
 }
 
-sub template_before_create {
-    my ($self, $args) = @_;
-
-    return if Bugzilla->user->id && !Bugzilla->cgi->param('logout');
-
-    $args->{config}{VARIABLES}{github_auth} = {
-        login => sub {
-            return Bugzilla::Extension::GitHubAuth::Client->login_uri(target_uri());
-        },
-    };
-}
-
 sub attachment_should_redirect_login {
     my ($self, $args) = @_;
     my $cgi = Bugzilla->cgi;