authorFrédéric Buclin <LpSolit@gmail.com>2011-11-22 22:06:00 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-11-22 22:06:00 +0100
commit80882f085e8918346ddb0ec3250f0d31ddaba5e6 (patch)
tree1dc6042750defd5f415f15144252730054073089 /process_bug.cgi
parent4d99c123ee568e5a548968de8417ebc70a24efe4 (diff)
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 382ee8b59..7c6e9590c 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -385,6 +385,9 @@ foreach my $bug (@bug_objects) {
$bug->send_changes($changes, $vars);
}
+# Delete the session token used for the mass-change.
+delete_token($token) unless $cgi->param('id');
+
if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
# Do nothing.
}
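Review bot: The guard `unless $cgi->param('id')` on the added `delete_token($token)` line works out "this was a mass change" separately from whatever validated `$token` earlier in the script, which is outside this hunk, so the two conditions can drift apart over time. Recording that decision once at the point where the token is checked, and testing the recorded value here, would keep validation and deletion coupled. The comment should also say why single-bug updates are skipped, for example `# Requests with an 'id' parameter (single-bug updates) are not covered by this deletion.` The token is removed only after the `foreach` loop and its `send_changes` calls have finished, so a duplicate submission arriving while the loop is still running would presumably still pass the earlier check; if single use is the goal, it is worth confirming that this window is acceptable. Whether `$token` is always defined on this path (for instance in the `USAGE_MODE_EMAIL` case tested just below) cannot be seen from the hunk and is worth checking.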