diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2014-04-17 18:11:12 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2014-04-17 18:11:12 +0200 |
| commit | 0e390970ba51b14a5dc780be7c6f0d6d7baa67e3 (patch) | |
| tree | 5e3a8751012a0c99769129494d1863a3a9ca5d9f /relogin.cgi | |
| parent | b639a1a7f4ed58f8d30058509444e44be3095f53 (diff) | |
| download | bugzilla-0e390970ba51b14a5dc780be7c6f0d6d7baa67e3.tar.gz bugzilla-0e390970ba51b14a5dc780be7c6f0d6d7baa67e3.tar.xz | |
Bug 713926: (CVE-2014-1517) [SECURITY] Login form lacks CSRF protection
r=dkl a=justdave
Diffstat (limited to 'relogin.cgi')
| -rwxr-xr-x | relogin.cgi | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/relogin.cgi b/relogin.cgi index 52944a811..0c1cb9ad6 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -52,6 +52,19 @@ elsif ($action eq 'prepare-sudo') { # Keep a temporary record of the user visiting this page $vars->{'token'} = issue_session_token('sudo_prepared'); + if ($user->authorizer->can_login) { + my $value = generate_random_password(); + my %args; + $args{'-secure'} = 1 if Bugzilla->params->{ssl_redirect}; + + $cgi->send_cookie(-name => 'Bugzilla_login_request_cookie', + -value => $value, + -httponly => 1, + %args); + + $vars->{'login_request_token'} = issue_hash_token(['login_request', $value]); + } + # Show the sudo page $vars->{'target_login_default'} = $cgi->param('target_login'); $vars->{'reason_default'} = $cgi->param('reason'); |