From 844c6238baf72dfa79ad7e33f2bc1947cbf5b3f5 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Wed, 9 Mar 2016 22:16:56 -0500
Subject: Bug 1253914 - Cross domain referer leakage when resetting the user
password
---
.../en/default/hook/account/auth/login-additional_methods.html.tmpl | 2 +-
.../template/en/default/hook/global/code-error-errors.html.tmpl | 3 +++
github.cgi | 3 +++
template/en/default/global/header.html.tmpl | 1 +
4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/extensions/GitHubAuth/template/en/default/hook/account/auth/login-additional_methods.html.tmpl b/extensions/GitHubAuth/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
index 609b86159..17bcb3e42 100644
--- a/extensions/GitHubAuth/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
+++ b/extensions/GitHubAuth/template/en/default/hook/account/auth/login-additional_methods.html.tmpl
@@ -17,4 +17,4 @@
width="185" height="25">
-[% END %]
+[% END %]
\ No newline at end of file
diff --git a/extensions/GitHubAuth/template/en/default/hook/global/code-error-errors.html.tmpl b/extensions/GitHubAuth/template/en/default/hook/global/code-error-errors.html.tmpl
index aaf9b6fa3..c32dd3cd5 100644
--- a/extensions/GitHubAuth/template/en/default/hook/global/code-error-errors.html.tmpl
+++ b/extensions/GitHubAuth/template/en/default/hook/global/code-error-errors.html.tmpl
@@ -21,6 +21,9 @@
[% ELSIF error == "github_invalid_target" %]
[% terms.Bugzilla %] cannot log you into an external site via GitHub.
+[% ELSIF error == "github_insecure_referer" %]
+ [% terms.Bugzilla %] prevented you from logging in from a page containing private information.
+
[% ELSIF error == "github_invalid_request" %]
Invalid GitHub log in attempt (reason: [% reason FILTER html %])
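Review bot: The new `github_insecure_referer` message tells the user what was blocked but not how to proceed, and the `target_uri` passed in by github.cgi is not shown, so the user has no hint that the log-in itself is fine when started from a clean page. A second sentence would make the refusal actionable, e.g. `Please return to the main [% terms.Bugzilla %] page and try logging in with GitHub again.` This keeps the message free of the referer value, which is the right call given that value is what the check is protecting.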
diff --git a/github.cgi b/github.cgi
index 03a5753e6..74111eae3 100755
--- a/github.cgi
+++ b/github.cgi
@@ -41,6 +41,9 @@ if (lc($cgi->request_method) eq 'post') {
ThrowCodeError("github_invalid_target", { target_uri => $target_uri })
unless $target_uri =~ /^\Q$urlbase\E/;
+ ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
+ if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+
if ($user->id) {
print $cgi->redirect($target_uri);
exit;
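Review bot: The `t=` alternation in the new referer check is a bare substring match, so it also fires on any query parameter whose name ends in `t` (`format=`, `limit=`, `sort=` and so on), rejecting GitHub log-ins from ordinary list pages while adding nothing to the protection of `token.cgi?t=` URLs. Anchoring the parameter names to a query-string boundary keeps the intended coverage and drops the false positives; the capturing group is unused and `$cgi->referer` is read twice, so this reads better as `my $referer = $cgi->referer || '';` / `ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })` / `    if $referer =~ /reset_password\.cgi|token\.cgi|[?&;](?:t|token|api_key)=/;`. Worth a comment above it that this is a denylist of known token-carrying pages, so any new page that puts a secret in its URL must be added here — and that a missing Referer header passes the check, which this code cannot do anything about. The enclosing `if (lc($cgi->request_method) eq 'post')` block starts before this hunk.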
diff --git a/template/en/default/global/header.html.tmpl b/template/en/default/global/header.html.tmpl
index 23634ed43..382c72f1d 100644
--- a/template/en/default/global/header.html.tmpl
+++ b/template/en/default/global/header.html.tmpl
@@ -268,6 +268,7 @@
[% IF allow_mobile && is_mobile_browser %]
[% END %]
+
[% Hook.process("additional_header") %]
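Review bot: The single added line in this hunk is empty as rendered here, yet the diffstat credits header.html.tmpl with one insertion for a commit about referer leakage; if the committed line was an HTML element such as a `<meta name="referrer" ...>` tag, the page rendering appears to have swallowed it, so the actual content should be confirmed against the repository. If the line really is blank, it is an unrelated whitespace change that does not belong in this fix.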
--