author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:44:33 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:44:33 +0200 |
commit | 2137f365677d836e3d3c55c81634d0f732fecdfe (patch) | |
tree | 6b54af2c845acd8588dbe41cfb84f347a69d8ee8 /token.cgi | |
parent | 94abbb03a8db4179bdd7fe5edccb077e8908d114 (diff) | |
download | bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.gz bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.xz |
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
r=reed a=LpSolit
Diffstat (limited to 'token.cgi')
-rwxr-xr-x | token.cgi | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -108,6 +108,11 @@ if ( $action eq 'reqpw' ) { ThrowUserError("password_change_requests_not_allowed"); } + # Check the hash token to make sure this user actually submitted + # the forgotten password form. + my $token = $cgi->param('token'); + check_hash_token($token, ['reqpw']); + validate_email_syntax($login_name) || ThrowUserError('illegal_email_address', {addr => $login_name}); |
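Review bot: The new `check_hash_token($token, ['reqpw'])` call only protects the reset-mail request if the forgotten-password form actually issues a matching `reqpw` hash token, and that side is not visible here because the diffstat is limited to token.cgi; confirm the template emits `issue_hash_token(['reqpw'])` into a hidden `token` field, otherwise every legitimate request will now be rejected. Placing the check before `validate_email_syntax` is the right order, since no address-dependent work happens before the request is proven to come from the form. The added comment could also state the failure mode so readers do not look for a separate missing-token branch, e.g. `# check_hash_token() throws on a missing, expired or mismatched token, so nothing below runs for a forged request.` — assuming, as I expect from Bugzilla::Token, that it throws rather than returning a status. The enclosing `if ($action eq 'reqpw')` block starts before the hunk and its body continues past it.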