diff options
| author | mkanat%kerio.com <> | 2005-05-12 10:52:13 +0200 |
|---|---|---|
| committer | mkanat%kerio.com <> | 2005-05-12 10:52:13 +0200 |
| commit | 8f2bc1b07ce4150a878e80f5bce09e819cbfd414 (patch) | |
| tree | 20f43dfce988ecfa01d14bbc4b9139ecc79f35cd /userprefs.cgi | |
| parent | e21b1306af07a0065ef4f8ab9d3b657a03a463be (diff) | |
| download | bugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.gz bugzilla-8f2bc1b07ce4150a878e80f5bce09e819cbfd414.tar.xz | |
Bug 287436: [SECURITY] After having logged in, links to change the report type contain username and password
Patch By Marc Schumann <wurblzap@gmail.com> r=gerv, a=justdave
Diffstat (limited to 'userprefs.cgi')
| -rwxr-xr-x | userprefs.cgi | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index 9c2135eb3..1cf15868b 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -388,12 +388,19 @@ sub SaveSavedSearches() { # Live code (not subroutine definitions) starts here ############################################################################### +my $cgi = Bugzilla->cgi; + +# This script needs direct access to the username and password CGI variables, +# so we save them before their removal in Bugzilla->login +my $bugzilla_login = $cgi->param('Bugzilla_login'); +my $bugzilla_password = $cgi->param('Bugzilla_password'); + Bugzilla->login(LOGIN_REQUIRED); +$cgi->param('Bugzilla_login', $bugzilla_login); +$cgi->param('Bugzilla_password', $bugzilla_password); GetVersionTable(); -my $cgi = Bugzilla->cgi; - $vars->{'changes_saved'} = $cgi->param('dosave'); my $current_tab_name = $cgi->param('tab') || "account"; |