summaryrefslogtreecommitdiffstats
path: root/editwhines.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'editwhines.cgi')
-rwxr-xr-xeditwhines.cgi7
1 files changed, 6 insertions, 1 deletions
diff --git a/editwhines.cgi b/editwhines.cgi
index 800c5385a..ba39b543d 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::User;
use Bugzilla::Group;
+use Bugzilla::Token;
# require the user to have logged in
my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -49,7 +50,7 @@ my $vars = {};
my $dbh = Bugzilla->dbh;
my $userid = $user->id;
-
+my $token = $cgi->param('token');
my $sth; # database statement handle
# $events is a hash ref, keyed by event id, that stores the active user's
@@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
# removed, then what was altered.
if ($cgi->param('update')) {
+ check_token_data($token, 'edit_whine');
+
if ($cgi->param("add_event")) {
# we create a new event
$sth = $dbh->prepare("INSERT INTO whine_events " .
@@ -349,6 +352,7 @@ if ($cgi->param('update')) {
}
}
}
+ delete_token($token);
}
$vars->{'mail_others'} = $can_mail_others;
@@ -436,6 +440,7 @@ $vars->{'available_queries'} = [];
while (my ($query) = $sth->fetchrow_array) {
push @{$vars->{'available_queries'}}, $query;
}
+$vars->{'token'} = issue_session_token('edit_whine');
$template->process("whine/schedule.html.tmpl", $vars)
|| ThrowTemplateError($template->error());