authorlpsolit%gmail.com <>2008-11-06 01:38:49 +0100
committerlpsolit%gmail.com <>2008-11-06 01:38:49 +0100
commitc4c473b908a62eaf839a61b657397a9c66b1f82c (patch)
treef7672c20a23ed8f6bdbbe37bc4705b00d4a6673e /quips.cgi
parentbbc78743ea55f5907dc7d37fb65020a0b6f26c9e (diff)
Bug 449931: [SECURITY] Unprivileged users can approve/unapprove all the quips (including bypassing moderation) - Patch by Robin H. Johnson <robbat2@gentoo.org> r/a=LpSolit
Diffstat (limited to 'quips.cgi')
-rwxr-xr-xquips.cgi22
1 files changed, 17 insertions, 5 deletions
diff --git a/quips.cgi b/quips.cgi
index 295b6c83f..33b4e23ce 100755
--- a/quips.cgi
+++ b/quips.cgi
@@ -88,6 +88,11 @@ if ($action eq "add") {
}
if ($action eq 'approve') {
+ $user->in_group('admin')
+ || ThrowUserError("auth_failure", {group => "admin",
+ action => "approve",
+ object => "quips"});
+
# Read in the entire quip list
my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
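Review bot: The admin guard added at the top of the 'approve' branch is a bare expression statement, so the low-precedence `or` is the idiomatic flow-control spelling and stays correct if the left operand ever grows arguments: `$user->in_group('admin') or ThrowUserError("auth_failure", {group => "admin", action => "approve", object => "quips"});`. Placing it before the `selectall_arrayref` is the right spot, since no database work happens for an unprivileged caller; where `$user` is initialised is outside this hunk. The guard covers only the branch opened by `if ($action eq 'approve')`, so any other privileged action in this script (not visible here) would need its own check. The enclosing if-block continues past the end of the hunk.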
@@ -100,11 +105,18 @@ if ($action eq 'approve') {
my @approved;
my @unapproved;
foreach my $quipid (keys %quips) {
- my $form = $cgi->param('quipid_'.$quipid) ? 1 : 0;
- if($quips{$quipid} ne $form) {
- if($form) { push(@approved, $quipid); }
- else { push(@unapproved, $quipid); }
- }
+ # Must check for each quipid being defined for concurrency and
+ # automated usage where only one quipid might be defined.
+ my $quip = $cgi->param("quipid_$quipid") ? 1 : 0;
+ if(defined($cgi->param("defined_quipid_$quipid"))) {
+ if($quips{$quipid} != $quip) {
+ if($quip) {
+ push(@approved, $quipid);
+ } else {
+ push(@unapproved, $quipid);
+ }
+ }
+ }
}
$dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" .
join(",", @approved) . ")") if($#approved > -1);
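Review bot: The new loop body nests four `if` levels to express "skip unless the sentinel is present, skip unless the state changed, then bucket the id"; guard clauses keep it flat and make the sentinel check the visible first step: `next unless defined $cgi->param("defined_quipid_$quipid");` then `next if $quips{$quipid} == $quip;` then `push @{ $quip ? \@approved : \@unapproved }, $quipid;`. The ids pushed into `@approved`/`@unapproved` are still the keys of `%quips`, which presumably come from the earlier `SELECT quipid, approved FROM quips` rather than from the request, so the string-built `IN (...)` on the two context lines that follow stays free of request-controlled values; that is worth stating in the comment above the loop so a later change does not switch the loop to iterating request parameter names. Switching `ne` to `!=` is consistent with the 0/1 flag, but it would emit an uninitialized-value warning if `approved` were ever NULL — presumably the column is NOT NULL, which is not visible here. The surrounding `if ($action eq 'approve')` block starts outside this hunk.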