summaryrefslogtreecommitdiffstats
path: root/query.cgi
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2012-05-29 16:52:31 +0200
committerReed Loden <reed@reedloden.com>2012-05-29 16:52:31 +0200
commit3004a5e322c3a95c7e51978b917f1547c382bac9 (patch)
tree42b14a780baf09a83b2e6fe872a4f6a64f45a7d7 /query.cgi
parent6bf31c24a131b4a1694ce7c9686b85cfc6195532 (diff)
downloadbugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.gz
bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.xz
Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"
[r=LpSolit a=LpSolit]
Diffstat (limited to 'query.cgi')
-rwxr-xr-xquery.cgi3
1 files changed, 3 insertions, 0 deletions
diff --git a/query.cgi b/query.cgi
index b3b9aa443..bfb79e52c 100755
--- a/query.cgi
+++ b/query.cgi
@@ -39,6 +39,7 @@ use Bugzilla::Product;
use Bugzilla::Keyword;
use Bugzilla::Field;
use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
my $cgi = Bugzilla->cgi;
my $dbh = Bugzilla->dbh;
@@ -51,6 +52,8 @@ my $userid = $user->id;
if ($cgi->param('nukedefaultquery')) {
if ($userid) {
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['nukedefaultquery']);
$dbh->do("DELETE FROM namedqueries" .
" WHERE userid = ? AND name = ?",
undef, ($userid, DEFAULT_QUERY_NAME));