diff options
Diffstat (limited to 'editwhines.cgi')
| -rwxr-xr-x | editwhines.cgi | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/editwhines.cgi b/editwhines.cgi index 800c5385a..ba39b543d 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -35,6 +35,7 @@ use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; use Bugzilla::Group; +use Bugzilla::Token; # require the user to have logged in my $user = Bugzilla->login(LOGIN_REQUIRED); @@ -49,7 +50,7 @@ my $vars = {}; my $dbh = Bugzilla->dbh; my $userid = $user->id; - +my $token = $cgi->param('token'); my $sth; # database statement handle # $events is a hash ref, keyed by event id, that stores the active user's @@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers'); # removed, then what was altered. if ($cgi->param('update')) { + check_token_data($token, 'edit_whine'); + if ($cgi->param("add_event")) { # we create a new event $sth = $dbh->prepare("INSERT INTO whine_events " . @@ -349,6 +352,7 @@ if ($cgi->param('update')) { } } } + delete_token($token); } $vars->{'mail_others'} = $can_mail_others; @@ -436,6 +440,7 @@ $vars->{'available_queries'} = []; while (my ($query) = $sth->fetchrow_array) { push @{$vars->{'available_queries'}}, $query; } +$vars->{'token'} = issue_session_token('edit_whine'); $template->process("whine/schedule.html.tmpl", $vars) || ThrowTemplateError($template->error()); |