merged with bugzilla/4.2

author: Dave Lawrence <dlawrence@mozilla.com> 2012-06-05 05:02:59 +0200
committer: Dave Lawrence <dlawrence@mozilla.com> 2012-06-05 05:02:59 +0200
commit: d8124f85dd4d1ff0a207d0c033a4333af42d62eb (patch)
tree: 417cd4df4b1ff5e8daf1a81c7886514800ee0209 /query.cgi
parent: b8eb6641bd474fcd97f27315c46fde6dfff5fe76 (diff)
parent: 6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd (diff)
download: bugzilla-d8124f85dd4d1ff0a207d0c033a4333af42d62eb.tar.gz
bugzilla-d8124f85dd4d1ff0a207d0c033a4333af42d62eb.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/query.cgi b/query.cgi
index b3b9aa443..bfb79e52c 100755
--- a/query.cgi
+++ b/query.cgi
@@ -39,6 +39,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,8 @@ my $userid = $user->id;
 
 if ($cgi->param('nukedefaultquery')) {
     if ($userid) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['nukedefaultquery']);
         $dbh->do("DELETE FROM namedqueries" .
                  " WHERE userid = ? AND name = ?", 
                  undef, ($userid, DEFAULT_QUERY_NAME));
author	Dave Lawrence <dlawrence@mozilla.com>	2012-06-05 05:02:59 +0200
committer	Dave Lawrence <dlawrence@mozilla.com>	2012-06-05 05:02:59 +0200
commit	d8124f85dd4d1ff0a207d0c033a4333af42d62eb (patch)
tree	417cd4df4b1ff5e8daf1a81c7886514800ee0209 /query.cgi
parent	b8eb6641bd474fcd97f27315c46fde6dfff5fe76 (diff)
parent	6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd (diff)
download	bugzilla-d8124f85dd4d1ff0a207d0c033a4333af42d62eb.tar.gz bugzilla-d8124f85dd4d1ff0a207d0c033a4333af42d62eb.tar.xz