Bug 1253914 - Cross domain referer leakage when resetting the user password

author: Dylan Hardison <dylan@mozilla.com> 2016-03-10 04:16:56 +0100
committer: Dylan Hardison <dylan@mozilla.com> 2016-03-10 04:17:15 +0100
commit: 844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5 (patch)
tree: f8dfdac10f166934fcf22c01d44e66b8df873577 /github.cgi
parent: 9cc89d34f79d1a326e5c792722163d5908a97c13 (diff)
download: bugzilla-844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5.tar.gz
bugzilla-844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/github.cgi b/github.cgi
index 03a5753e6..74111eae3 100755
--- a/github.cgi
+++ b/github.cgi
@@ -41,6 +41,9 @@ if (lc($cgi->request_method) eq 'post') {
     ThrowCodeError("github_invalid_target", { target_uri => $target_uri })
       unless $target_uri =~ /^\Q$urlbase\E/;
 
+    ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
+      if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+
     if ($user->id) {
         print $cgi->redirect($target_uri);
         exit;
author	Dylan Hardison <dylan@mozilla.com>	2016-03-10 04:16:56 +0100
committer	Dylan Hardison <dylan@mozilla.com>	2016-03-10 04:17:15 +0100
commit	844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5 (patch)
tree	f8dfdac10f166934fcf22c01d44e66b8df873577 /github.cgi
parent	9cc89d34f79d1a326e5c792722163d5908a97c13 (diff)
download	bugzilla-844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5.tar.gz bugzilla-844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5.tar.xz