diff options
author | Reed Loden <reed@reedloden.com> | 2012-05-29 16:52:31 +0200 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2012-05-29 16:52:31 +0200 |
commit | 3004a5e322c3a95c7e51978b917f1547c382bac9 (patch) | |
tree | 42b14a780baf09a83b2e6fe872a4f6a64f45a7d7 /query.cgi | |
parent | 6bf31c24a131b4a1694ce7c9686b85cfc6195532 (diff) | |
download | bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.gz bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.xz |
Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"
[r=LpSolit a=LpSolit]
Diffstat (limited to 'query.cgi')
-rwxr-xr-x | query.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -39,6 +39,7 @@ use Bugzilla::Product; use Bugzilla::Keyword; use Bugzilla::Field; use Bugzilla::Install::Util qw(vers_cmp); +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -51,6 +52,8 @@ my $userid = $user->id; if ($cgi->param('nukedefaultquery')) { if ($userid) { + my $token = $cgi->param('token'); + check_hash_token($token, ['nukedefaultquery']); $dbh->do("DELETE FROM namedqueries" . " WHERE userid = ? AND name = ?", undef, ($userid, DEFAULT_QUERY_NAME)); |