Bug 1175985 - Bugzilla Sensitive Information Disclosure Vulnerability

author: Dylan William Hardison <dylan@hardison.net> 2015-07-21 17:19:15 +0200
committer: Dylan William Hardison <dylan@hardison.net> 2015-07-21 17:26:14 +0200
commit: de49ecc0ca26af7d391286d1a4b17af11920a1fd (patch)
tree: c5722989c36fe8b0b452c48d09088c6d8a6def5c /extensions/GitHubAuth/Extension.pm
parent: c53d646eec8907a4e9cb027c34bb93801f3c9fdc (diff)
download: bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.gz
bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/extensions/GitHubAuth/Extension.pm b/extensions/GitHubAuth/Extension.pm
index dee927165..d68934be4 100644
--- a/extensions/GitHubAuth/Extension.pm
+++ b/extensions/GitHubAuth/Extension.pm
@@ -54,6 +54,15 @@ sub template_before_create {
     };
 }
 
+sub attachment_should_redirect_login {
+    my ($self, $args) = @_;
+    my $cgi = Bugzilla->cgi;
+
+    if ($cgi->param('github_state') || $cgi->param('github_email')) {
+        ${$args->{do_redirect}} = 1;
+    }
+}
+
 sub auth_login_methods {
     my ($self, $args) = @_;
     my $modules = $args->{'modules'};
author	Dylan William Hardison <dylan@hardison.net>	2015-07-21 17:19:15 +0200
committer	Dylan William Hardison <dylan@hardison.net>	2015-07-21 17:26:14 +0200
commit	de49ecc0ca26af7d391286d1a4b17af11920a1fd (patch)
tree	c5722989c36fe8b0b452c48d09088c6d8a6def5c /extensions/GitHubAuth/Extension.pm
parent	c53d646eec8907a4e9cb027c34bb93801f3c9fdc (diff)
download	bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.gz bugzilla-de49ecc0ca26af7d391286d1a4b17af11920a1fd.tar.xz