authortara%tequilarista.org <>2001-06-03 07:02:01 +0200
committertara%tequilarista.org <>2001-06-03 07:02:01 +0200
commit24bf6d11edd72edd34b5effa68aad9ca0984e913 (patch)
tree9f360faaefd749836032671dab0b887c204fb60a /process_bug.cgi
parentb42289bb5c84bff0bc610c8d3d87b63e4246a240 (diff)
Landing Myk's patch for bug #71767
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-xprocess_bug.cgi26
1 files changed, 20 insertions, 6 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index 4b4453dc1..b2327b0fd 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -58,19 +58,33 @@ my $requiremilestone = 0;
# named "id_x" where "x" is the bug number.
my @idlist;
if (defined $::FORM{'id'}) {
- push @idlist, $::FORM{'id'};
+ push @idlist, $::FORM{'id'};
} else {
- foreach my $i (keys %::FORM) {
- if ($i =~ /^id_([1-9][0-9]*)/) {
- push @idlist, $1;
+ foreach my $i (keys %::FORM) {
+ if ($i =~ /^id_([1-9][0-9]*)/) {
+ push @idlist, $1;
+ }
}
- }
}
# For each bug being modified, make sure its ID is a valid bug number
# representing an existing bug that the user is authorized to access.
foreach my $id (@idlist) {
- ValidateBugID($id);
+ ValidateBugID($id);
+}
+
+# If the user has a bug list and is processing one bug, then after
+# we process the bug we are going to show them the next bug on their
+# list. Thus we have to make sure this bug ID is also valid,
+# since a malicious cracker might alter their cookies for the purpose
+# gaining access to bugs they are not authorized to access.
+if ( $::COOKIE{"BUGLIST"} ne "" && defined $::FORM{'id'} ) {
+ my @buglist = split( /:/ , $::COOKIE{"BUGLIST"} );
+ my $idx = lsearch( \@buglist , $::FORM{"id"} );
+ if ($idx < $#buglist) {
+ my $nextbugid = $buglist[$idx + 1];
+ ValidateBugID($nextbugid);
+ }
}
######################################################################
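Review bot: The new block at the end of the hunk derives `$nextbugid` from the BUGLIST cookie only to validate it, while the code that later displays the next bug (outside this hunk) presumably derives it again on its own. The authorization check holds only while both derivations pick the same ID. One case to confirm is a miss in `lsearch`: if it returns -1 when `$::FORM{'id'}` is not in the list (its definition is not visible here), `$idx < $#buglist` is still true and `$buglist[0]` is the ID that gets validated. I would hoist the declaration as `my $nextbugid;` above the `if`, assign it under `if ($idx >= 0 && $idx < $#buglist)`, and have the display code reuse that variable rather than re-reading the cookie. The cookie test is also better written as `defined $::COOKIE{"BUGLIST"} && $::COOKIE{"BUGLIST"} ne ""`, so a request without the cookie does not compare undef.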