summaryrefslogtreecommitdiffstats
path: root/extensions/TrackingFlags/lib/Admin.pm
diff options
context:
space:
mode:
Diffstat (limited to 'extensions/TrackingFlags/lib/Admin.pm')
-rw-r--r--extensions/TrackingFlags/lib/Admin.pm11
1 files changed, 9 insertions, 2 deletions
diff --git a/extensions/TrackingFlags/lib/Admin.pm b/extensions/TrackingFlags/lib/Admin.pm
index 1bae18ef8..542e990d5 100644
--- a/extensions/TrackingFlags/lib/Admin.pm
+++ b/extensions/TrackingFlags/lib/Admin.pm
@@ -1,4 +1,4 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
+#d This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
@@ -15,6 +15,7 @@ use Bugzilla::Component;
use Bugzilla::Error;
use Bugzilla::Group;
use Bugzilla::Product;
+use Bugzilla::Token qw(check_hash_token delete_token);
use Bugzilla::Util qw(trim detaint_natural);
use Bugzilla::Extension::TrackingFlags::Constants;
@@ -52,6 +53,10 @@ sub admin_edit {
$vars->{tracking_flag_types} = FLAG_TYPES;
if ($input->{delete}) {
+ my $token = $input->{token};
+ check_hash_token($token, ['tracking_flags_edit']);
+ delete_token($token);
+
my $flag = Bugzilla::Extension::TrackingFlags::Flag->new($vars->{flag_id})
|| ThrowCodeError('tracking_flags_invalid_item_id', { item => 'flag', id => $vars->{flag_id} });
$flag->remove_from_db();
@@ -67,7 +72,9 @@ sub admin_edit {
exit;
} elsif ($input->{save}) {
- # save
+ my $token = $input->{token};
+ check_hash_token($token, ['tracking_flags_edit']);
+ delete_token($token);
my ($flag, $values, $visibilities) = _load_from_input($input, $vars);
_validate($flag, $values, $visibilities);
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-06-07 08:52:16 +0200