author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:04:59 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:04:59 +0100 |
commit | f6c4abda55c83a53d32d5958cc9c81a602423c89 (patch) | |
tree | 9778fcd7fea9c2fc0bf3b13f68113efa22c7ce3c /extensions | |
parent | 4ab5bc9f4c4ba4a7b20ebf00466f9b2de67f311d (diff) | |
download | bugzilla-f6c4abda55c83a53d32d5958cc9c81a602423c89.tar.gz bugzilla-f6c4abda55c83a53d32d5958cc9c81a602423c89.tar.xz |
Bug 621107: [SECURITY] Sanity checking lacks CSRF protection
r=dkl a=LpSolit
Diffstat (limited to 'extensions')
2 files changed, 4 insertions, 2 deletions
diff --git a/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl b/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
index 8a825e57c..639752ed5 100644
--- a/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -27,7 +27,8 @@
 <a href="editusers.cgi?id=[% userid FILTER none %]">Edit this user</a>.
 [% END %]
 [% ELSIF san_tag == "example_check_au_user_prompt" %]
- <a href="sanitycheck.cgi?example_repair_au_user=1">Fix these users</a>.
+ <a href="sanitycheck.cgi?example_repair_au_user=1&token=
+ [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Fix these users</a>.
 [% ELSIF san_tag == "example_repair_au_user_start" %]
 <em>EXAMPLE PLUGIN</em> - OK, would now make users Australian.
 [% ELSIF san_tag == "example_repair_au_user_end" %]
diff --git a/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl b/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
index afb81d34c..bbf0350a1 100644
--- a/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -19,7 +19,8 @@
 #%]
 [% IF san_tag == "voting_cache_rebuild_fix" %]
- <a href="sanitycheck.cgi?rebuild_vote_cache=1">Click here to
+ <a href="sanitycheck.cgi?rebuild_vote_cache=1&token=
+ [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Click here to
 rebuild the vote cache</a>
 [% ELSIF san_tag == "voting_cache_alert" %]
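Review bot: The added `&token=` is a raw ampersand inside an HTML attribute, which is not well-formed markup even though browsers recover from it; writing `&amp;token=` keeps the href valid, and the same applies to the Voting hunk below. The token is issued for the generic `sanitycheck` action rather than for the specific repair, so as far as these hunks show one token authorises any repair link on the page; whether that is acceptable depends on the verification in sanitycheck.cgi, which is outside this diff (limited to 'extensions') and cannot be confirmed here. The repair is still triggered by a GET link, so the token travels in the URL and can end up in server logs or Referer headers; a POST form would avoid that, but it is a broader change than this commit attempts. The second hunk's header announces seven old lines and only five are visible, so it may be cut off on this page.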