Bug 704308 - CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation

author: Dave Lawrence <dlawrence@mozilla.com> 2011-11-28 17:38:31 +0100
committer: Dave Lawrence <dlawrence@mozilla.com> 2011-11-28 17:38:31 +0100
commit: faac5e70ce92133773a2043619f9f23870beb14b (patch)
tree: 6f7a03e9e4c14cfa2ee701622f79af9a449ad97e /process_bug.cgi
parent: 4e01a91159acec1075c5d156e2e9c956167696c0 (diff)
download: bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.gz
bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi
index d44b9dda3..3d8b6bda2 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -391,6 +391,9 @@ foreach my $bug (@bug_objects) {
     $bug->send_changes($changes, $vars);
 }
 
+# Delete the session token used for the mass-change.
+delete_token($token) unless $cgi->param('id');
+
 if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
     # Do nothing.
 }
author	Dave Lawrence <dlawrence@mozilla.com>	2011-11-28 17:38:31 +0100
committer	Dave Lawrence <dlawrence@mozilla.com>	2011-11-28 17:38:31 +0100
commit	faac5e70ce92133773a2043619f9f23870beb14b (patch)
tree	6f7a03e9e4c14cfa2ee701622f79af9a449ad97e /process_bug.cgi
parent	4e01a91159acec1075c5d156e2e9c956167696c0 (diff)
download	bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.gz bugzilla-faac5e70ce92133773a2043619f9f23870beb14b.tar.xz