diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:06:00 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:06:00 +0100 |
| commit | 80882f085e8918346ddb0ec3250f0d31ddaba5e6 (patch) | |
| tree | 1dc6042750defd5f415f15144252730054073089 /process_bug.cgi | |
| parent | 4d99c123ee568e5a548968de8417ebc70a24efe4 (diff) | |
| download | bugzilla-80882f085e8918346ddb0ec3250f0d31ddaba5e6.tar.gz bugzilla-80882f085e8918346ddb0ec3250f0d31ddaba5e6.tar.xz | |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
| -rwxr-xr-x | process_bug.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index 382ee8b59..7c6e9590c 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -385,6 +385,9 @@ foreach my $bug (@bug_objects) { $bug->send_changes($changes, $vars); } +# Delete the session token used for the mass-change. +delete_token($token) unless $cgi->param('id'); + if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) { # Do nothing. } |