Bug 1306589 - BMO: CSRF vulnerability allows deleting admin queue entries

author: David Lawrence <dkl@mozilla.com> 2016-10-04 15:16:48 +0200
committer: David Lawrence <dkl@mozilla.com> 2016-10-04 15:16:48 +0200
commit: 125734746e1d48514b2e9affb8dd793d600b7c17 (patch)
tree: 6729dae6c3ed8e55b0b086dc2e8333994fc566da /extensions/Push/web
parent: 3078746b2997a75cc4ec2092f41f2003266cd6fd (diff)
download: bugzilla-125734746e1d48514b2e9affb8dd793d600b7c17.tar.gz
bugzilla-125734746e1d48514b2e9affb8dd793d600b7c17.tar.xz
2 files changed, 11 insertions, 0 deletions
diff --git a/extensions/Push/web/admin.css b/extensions/Push/web/admin.css
index c204fa62a..96b3b8da5 100644
--- a/extensions/Push/web/admin.css
+++ b/extensions/Push/web/admin.css
@@ -69,3 +69,7 @@
     text-align: right !important;
 }
 
+.action-button {
+    display: inline;
+}
+
diff --git a/extensions/Push/web/admin.js b/extensions/Push/web/admin.js
index 599bfd742..cf1c69e7d 100644
--- a/extensions/Push/web/admin.js
+++ b/extensions/Push/web/admin.js
@@ -35,3 +35,10 @@ function reset_to_defaults() {
     }
   }
 }
+
+$(function() {
+    $('#deleteMessage input[type=submit]')
+        .click(function(event) {
+            return confirm('Are you sure you want to delete this message forever (a long time)?');
+        });
+});
author	David Lawrence <dkl@mozilla.com>	2016-10-04 15:16:48 +0200
committer	David Lawrence <dkl@mozilla.com>	2016-10-04 15:16:48 +0200
commit	125734746e1d48514b2e9affb8dd793d600b7c17 (patch)
tree	6729dae6c3ed8e55b0b086dc2e8333994fc566da /extensions/Push/web
parent	3078746b2997a75cc4ec2092f41f2003266cd6fd (diff)
download	bugzilla-125734746e1d48514b2e9affb8dd793d600b7c17.tar.gz bugzilla-125734746e1d48514b2e9affb8dd793d600b7c17.tar.xz