Bug 621105 - [SECURITY] Voting lacks CSRF protection

r=mkanat,a=LpSolit
author: David Lawrence <dlawrence@mozilla.com> 2011-01-24 20:35:31 +0100
committer: David Lawrence <dlawrence@mozilla.com> 2011-01-24 20:35:31 +0100
commit: ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6 (patch)
tree: e06da7523a0a54ca0e8f6c7d63185a1d76fa6607 /extensions/Voting/Extension.pm
parent: 9244270a7d1ca49e315a98c24d51bf405bfa2880 (diff)
download: bugzilla-ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6.tar.gz
bugzilla-ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/extensions/Voting/Extension.pm b/extensions/Voting/Extension.pm
index d94ff8430..8417e0ec3 100644
--- a/extensions/Voting/Extension.pm
+++ b/extensions/Voting/Extension.pm
@@ -36,6 +36,7 @@ use Bugzilla::Field;
 use Bugzilla::Mailer;
 use Bugzilla::User;
 use Bugzilla::Util qw(detaint_natural);
+use Bugzilla::Token;
 
 use List::Util qw(min);
 
@@ -529,6 +530,9 @@ sub _update_votes {
         || ThrowUserError("voting_must_be_nonnegative");
     }
 
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['vote']);
+
     ############################################################################
     # End Data/Security Validation
     ############################################################################
author	David Lawrence <dlawrence@mozilla.com>	2011-01-24 20:35:31 +0100
committer	David Lawrence <dlawrence@mozilla.com>	2011-01-24 20:35:31 +0100
commit	ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6 (patch)
tree	e06da7523a0a54ca0e8f6c7d63185a1d76fa6607 /extensions/Voting/Extension.pm
parent	9244270a7d1ca49e315a98c24d51bf405bfa2880 (diff)
download	bugzilla-ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6.tar.gz bugzilla-ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6.tar.xz