diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
| commit | 92cb17e05cecb4093ee9e189347ba66b8844528a (patch) | |
| tree | 7129cf8b6398e67276a17856804d4a157c4b7fa1 /process_bug.cgi | |
| parent | 92308c08cfd6608383be7faf90318f620ed5f4dc (diff) | |
| download | bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.gz bugzilla-92cb17e05cecb4093ee9e189347ba66b8844528a.tar.xz | |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
| -rwxr-xr-x | process_bug.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index dc5ad9138..bf18a45d3 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -376,6 +376,9 @@ foreach my $bug (@bug_objects) { $bug->send_changes($changes, $vars); } +# Delete the session token used for the mass-change. +delete_token($token) unless $cgi->param('id'); + if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) { # Do nothing. } |