diff options
| -rw-r--r-- | Bugzilla/Token.pm | 9 | ||||
| -rwxr-xr-x | createaccount.cgi | 5 | ||||
| -rw-r--r-- | template/en/default/account/create.html.tmpl | 1 |
3 files changed, 13 insertions, 2 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 36b3b070f..a85dcc1f4 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -176,9 +176,14 @@ sub issue_hash_token { $data ||= []; $time ||= time(); + # For the user ID, use the actual ID if the user is logged in. + # Otherwise, use the remote IP, in case this is for something + # such as creating an account or logging in. + my $user_id = Bugzilla->user->id || remote_ip(); + # The concatenated string is of the form - # token creation time + site-wide secret + user ID + data - my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data); + # token creation time + site-wide secret + user ID (either ID or remote IP) + data + my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data); my $token = join('*', @args); # Wide characters cause md5_hex() to die. diff --git a/createaccount.cgi b/createaccount.cgi index d0437a021..90530b3c5 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -62,6 +62,11 @@ unless ($createexp) { my $login = $cgi->param('login'); if (defined($login)) { + # Check the hash token to make sure this user actually submitted + # the create account form. + my $token = $cgi->param('token'); + check_hash_token($token, ['create_account']); + $login = Bugzilla::User->check_login_name_for_creation($login); $vars->{'login'} = $login; diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl index bf273e459..a2a2e9fc6 100644 --- a/template/en/default/account/create.html.tmpl +++ b/template/en/default/account/create.html.tmpl @@ -71,6 +71,7 @@ </tr> </table> <br> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]"> <input type="submit" id="send" value="Send"> </form> |