From 602af2ba4d6b98379a85bfa429132dbccf5851ea Mon Sep 17 00:00:00 2001
From: Dylan William Hardison
Date: Wed, 20 Dec 2017 22:14:08 -0500
Subject: Bug 1424408 - "Sign in with GitHub" button triggers a bugzilla security error, if I'm viewing a page with e.g. "t=" in the URL
---
 github.cgi | 2 +-
 qa/t/test_custom_fields.t | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/github.cgi b/github.cgi
index acb02d466..b8467e1e0 100755
--- a/github.cgi
+++ b/github.cgi
@@ -44,7 +44,7 @@ if (lc($cgi->request_method) eq 'post') {
 unless $target_uri =~ /^\Q$urlbase\E/;
 ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
- if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+ if $cgi->referer && $cgi->referer =~ /(?:reset_password\.cgi|token\.cgi|\bt=|token=|api_key=)/;
 if ($user->id) {
 print $cgi->redirect($target_uri);
diff --git a/qa/t/test_custom_fields.t b/qa/t/test_custom_fields.t
index 70ffe876a..bd2074585 100644
--- a/qa/t/test_custom_fields.t
+++ b/qa/t/test_custom_fields.t
@@ -56,7 +56,7 @@ $sel->type_ok("sortkey", $bug1_id);
 $sel->click_ok("enter_bug");
 $sel->value_is("enter_bug", "on");
 $sel->click_ok("new_bugmail");
-sleep 5;
+sleep 10;
 $sel->value_is("new_bugmail", "on");
 $sel->value_is("obsolete", "off");
 $sel->click_ok("create");
--
cgit v1.2.3-24-g4f1b
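Review bot: In github.cgi the referer guard is still a case-sensitive substring match over the whole Referer string, and the new `\bt=` alternative is the only one with a boundary, so the pattern's intent is not readable from the line itself. `token=` and `api_key=` stay unanchored, which means any parameter name merely ending in those strings still trips the check. That looks deliberate for a leak guard, but nothing says so, and a later "consistency" edit adding `\b` to them would silently narrow it. I would put a comment above the condition such as `# Refuse to start the GitHub redirect when the referring URL looks like it carries a secret; only t= is word-anchored, the longer names match as suffixes on purpose`. The commit also adds no regression test for the pattern; one asserting that a referer containing `format=` passes while `?t=` and `&t=` are rejected would pin the fix. The enclosing `if (lc($cgi->request_method) eq 'post')` block starts and ends outside the hunk.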
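Review bot: In qa/t/test_custom_fields.t the fixed `sleep 10;` after `click_ok("new_bugmail")` has no comment saying what it waits for, and the change is unrelated to the referer fix named in the subject. A fixed delay can still be too short on a slow runner and now costs ten seconds on every run. At minimum add a line such as `# wait for the page to react to the new_bugmail click before reading its value; TODO replace with an explicit wait`, and mention the test timing change in the commit message. The test script continues outside the hunk.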