From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001 
From: "lpsolit%gmail.com" <> Date: Sun, 15 Oct 2006 05:02:09 +0000 Subject: Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin r=mkanat a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Bugzilla/Token.pm | 57 ++++++++++++- attachment.cgi | 4 +- editclassifications.cgi | 18 +++- editcomponents.cgi | 20 +++-- editfields.cgi | 15 ++-- editflagtypes.cgi | 38 +++++++-- editgroups.cgi | 14 +++- editkeywords.cgi | 21 +++++ editmilestones.cgi | 18 +++- editparams.cgi | 6 ++ editproducts.cgi | 26 ++++-- editsettings.cgi | 5 ++ editusers.cgi | 19 +++++ editvalues.cgi | 12 +++ editversions.cgi | 15 +++- editwhines.cgi | 7 +- enter_bug.cgi | 2 +- relogin.cgi | 4 +- skins/standard/global.css | 8 ++ .../en/default/admin/classifications/add.html.tmpl | 1 + .../en/default/admin/classifications/del.html.tmpl | 1 + .../default/admin/classifications/edit.html.tmpl | 1 + .../admin/classifications/reclassify.html.tmpl | 1 + .../admin/components/confirm-delete.html.tmpl | 1 + .../en/default/admin/components/create.html.tmpl | 2 +- .../en/default/admin/components/edit.html.tmpl | 1 + template/en/default/admin/confirm-action.html.tmpl | 97 ++++++++++++++++++++++ .../default/admin/custom_fields/create.html.tmpl | 1 + .../en/default/admin/custom_fields/edit.html.tmpl | 1 + .../admin/fieldvalues/confirm-delete.html.tmpl | 1 + .../en/default/admin/fieldvalues/create.html.tmpl | 2 +- .../en/default/admin/fieldvalues/edit.html.tmpl | 2 +- .../admin/flag-type/confirm-delete.html.tmpl | 16 ++-- template/en/default/admin/flag-type/edit.html.tmpl | 1 + template/en/default/admin/flag-type/list.html.tmpl | 23 +---- template/en/default/admin/groups/create.html.tmpl | 1 + template/en/default/admin/groups/delete.html.tmpl | 1 + template/en/default/admin/groups/edit.html.tmpl | 1 + .../admin/keywords/confirm-delete.html.tmpl | 1 + .../en/default/admin/keywords/create.html.tmpl | 1 + 
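Review bot: The export list in the Token.pm hunk is written as a fully qualified package variable, `@Bugzilla::Token::EXPORT = qw(...)`, sitting right after `use base qw(Exporter);`; the conventional form is `our @EXPORT = qw(issue_session_token check_token_data delete_token);`, which keeps the package name in one place and is what perlcritic expects next to an Exporter base. The rename of IssueSessionToken to issue_session_token leaves the module with two naming styles (GetTokenData, CleanTokenTable and IssuePasswordToken stay CamelCase), so a one-line comment above the export list saying that the three snake_case names are the exported API for the admin scripts would help the next reader understand why only these were renamed.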
template/en/default/admin/keywords/edit.html.tmpl | 1 + .../admin/milestones/confirm-delete.html.tmpl | 1 + .../en/default/admin/milestones/create.html.tmpl | 2 +- .../en/default/admin/milestones/edit.html.tmpl | 2 +- .../en/default/admin/params/editparams.html.tmpl | 1 + .../admin/products/confirm-delete.html.tmpl | 1 + .../en/default/admin/products/create.html.tmpl | 1 + template/en/default/admin/products/edit.html.tmpl | 1 + .../admin/products/groupcontrol/edit.html.tmpl | 1 + template/en/default/admin/settings/edit.html.tmpl | 1 + .../default/admin/users/confirm-delete.html.tmpl | 1 + template/en/default/admin/users/create.html.tmpl | 1 + template/en/default/admin/users/edit.html.tmpl | 1 + .../admin/versions/confirm-delete.html.tmpl | 1 + .../en/default/admin/versions/create.html.tmpl | 2 +- template/en/default/admin/versions/edit.html.tmpl | 2 +- template/en/default/filterexceptions.pl | 1 - template/en/default/whine/schedule.html.tmpl | 1 + token.cgi | 2 +- 59 files changed, 403 insertions(+), 87 deletions(-) create mode 100644 template/en/default/admin/confirm-action.html.tmpl diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index f00e65280..a0f6b0c8e 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -18,6 +18,7 @@ # Rights Reserved. # # Contributor(s): Myk Melez +# Frédéric Buclin ################################################################################ # Module Initialization @@ -36,6 +37,11 @@ use Bugzilla::Util; use Date::Format; use Date::Parse; +use File::Basename; + +use base qw(Exporter); + +@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token); ################################################################################ # Public Functions @@ -156,7 +162,7 @@ sub IssuePasswordToken { MessageToMTA($message); } -sub IssueSessionToken { +sub issue_session_token { # Generates a random token, adds it to the tokens table, and returns # the token to the caller. 
@@ -243,7 +249,7 @@ sub Cancel { MessageToMTA($message); # Delete the token from the database. - DeleteToken($token); + delete_token($token); } sub DeletePasswordTokens { @@ -279,6 +285,7 @@ sub GetTokenData { my $dbh = Bugzilla->dbh; return unless defined $token; + $token = clean_text($token); trick_taint($token); return $dbh->selectrow_array( @@ -288,7 +295,7 @@ sub GetTokenData { } # Deletes specified token -sub DeleteToken { +sub delete_token { my ($token) = @_; my $dbh = Bugzilla->dbh; 
@@ -300,6 +307,50 @@ sub DeleteToken { $dbh->bz_unlock_tables(); } +# Given a token, makes sure it comes from the currently logged in user +# and match the expected event. Returns 1 on success, else displays a warning. +# Note: this routine must not be called while tables are locked as it will try +# to lock some tables itself, see CleanTokenTable(). +sub check_token_data { + my ($token, $expected_action) = @_; + my $user = Bugzilla->user; + my $template = Bugzilla->template; + my $cgi = Bugzilla->cgi; + + my ($creator_id, $date, $token_action) = GetTokenData($token); + unless ($creator_id + && $creator_id == $user->id + && $token_action eq $expected_action) + { + # Something is going wrong. Ask confirmation before processing. + # It is possible that someone tried to trick an administrator. + # In this case, we want to know his name! + require Bugzilla::User; + + my $vars = {}; + $vars->{'abuser'} = Bugzilla::User->new($creator_id)->identity; + $vars->{'token_action'} = $token_action; + $vars->{'expected_action'} = $expected_action; + $vars->{'script_name'} = basename($0); + + # Now is a good time to remove old tokens from the DB. + CleanTokenTable(); + + # If no token was found, create a valid token for the given action. + unless ($creator_id) { + $token = issue_session_token($expected_action); + $cgi->param('token', $token); + } + + print $cgi->header(); + + $template->process('admin/confirm-action.html.tmpl', $vars) + || ThrowTemplateError($template->error()); + exit; + } + return 1; +} + ################################################################################ # Internal Functions ################################################################################ diff --git a/attachment.cgi b/attachment.cgi index 431db444e..2b35b5e2c 100755 --- a/attachment.cgi +++ b/attachment.cgi 
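Review bot: check_token_data() prints `$cgi->header()` unconditionally on its failure path, but at least two scripts converted in this commit have already sent the header before dispatching on the action (editfields.cgi prints it right after reading `$token`, and the editusers.cgi hunk at old line 57 shows `print $cgi->header();` before `my $action`), so a rejected token there would emit a second header as page text above the confirmation form unless Bugzilla::CGI::header() suppresses repeats, which is not visible here. Either the header should be printed only when one has not been sent yet, or those scripts should move their `print $cgi->header();` after the token check. Separately, the `$date` value returned by GetTokenData() is discarded, so a matching token is accepted regardless of age on the success path and only the failure branch runs CleanTokenTable(); the header comment should say so, e.g. `# Token age is not checked here; stale tokens are only purged when CleanTokenTable() runs on the failure path.` Also, `Bugzilla::User->new($creator_id)->identity` is evaluated even when no token was found and `$creator_id` is undef; this presumably yields an empty identity rather than dying, but setting `abuser` only inside an `if ($creator_id)` guard would make the intent explicit.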
@@ -825,7 +825,7 @@ sub delete_attachment { } # Now delete the token. - Bugzilla::Token::DeleteToken($token); + delete_token($token); # Paste the reason provided by the admin into a comment. AppendComment($bug_id, $user->id, $msg); @@ -835,7 +835,7 @@ sub delete_attachment { } else { # Create a token. - $token = Bugzilla::Token::IssueSessionToken('attachment' . $attach_id); + $token = issue_session_token('attachment' . $attach_id); $vars->{'a'} = $attachment; $vars->{'token'} = $token; diff --git a/editclassifications.cgi b/editclassifications.cgi index 026f1b3ab..0ebfb97fa 100755 --- a/editclassifications.cgi +++ b/editclassifications.cgi @@ -28,6 +28,7 @@ use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Classification; +use Bugzilla::Token; my $dbh = Bugzilla->dbh; my $cgi = Bugzilla->cgi; @@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled") # my $action = trim($cgi->param('action') || ''); my $class_name = trim($cgi->param('classification') || ''); - +my $token = $cgi->param('token'); + # # action='' -> Show nice list of classifications # @@ -88,6 +90,7 @@ unless ($action) { # if ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_classification'); LoadTemplate($action); } @@ -96,6 +99,7 @@ if ($action eq 'add') { # if ($action eq 'new') { + check_token_data($token, 'add_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -124,6 +128,7 @@ if ($action eq 'new') { $vars->{'classification'} = $class_name; + delete_token($token); LoadTemplate($action); } @@ -147,6 +152,7 @@ if ($action eq 'del') { } $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('delete_classification'); LoadTemplate($action); } @@ -156,6 +162,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { + check_token_data($token, 'delete_classification'); my $classification = Bugzilla::Classification::check_classification($class_name); 
@@ -179,6 +186,7 @@ if ($action eq 'delete') { $vars->{'classification'} = $classification; + delete_token($token); LoadTemplate($action); } @@ -194,6 +202,7 @@ if ($action eq 'edit') { Bugzilla::Classification::check_classification($class_name); $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('edit_classification'); LoadTemplate($action); } @@ -203,6 +212,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { + check_token_data($token, 'edit_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -254,6 +264,7 @@ if ($action eq 'update') { $dbh->bz_unlock_tables(); + delete_token($token); LoadTemplate($action); } @@ -270,25 +281,30 @@ if ($action eq 'reclassify') { WHERE name = ?"); if (defined $cgi->param('add_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('prodlist')) { foreach my $prod ($cgi->param("prodlist")) { trick_taint($prod); $sth->execute($classification->id, $prod); } } + delete_token($token); } elsif (defined $cgi->param('remove_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('myprodlist')) { foreach my $prod ($cgi->param("myprodlist")) { trick_taint($prod); $sth->execute(1,$prod); } } + delete_token($token); } my @classifications = Bugzilla::Classification::get_all_classifications; $vars->{'classifications'} = \@classifications; $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('reclassify_classifications'); LoadTemplate($action); } diff --git a/editcomponents.cgi b/editcomponents.cgi index cc81cece7..2ff41d628 100755 --- a/editcomponents.cgi +++ b/editcomponents.cgi @@ -39,6 +39,7 @@ use Bugzilla::User; use Bugzilla::Product; use Bugzilla::Component; use Bugzilla::Bug; +use Bugzilla::Token; ############### # Subroutines # 
@@ -86,6 +87,7 @@ my $product_name = trim($cgi->param('product') || ''); my $comp_name = trim($cgi->param('component') || ''); my $action = trim($cgi->param('action') || ''); my $showbugcounts = (defined $cgi->param('showbugcounts')); +my $token = $cgi->param('token'); # # product = '' -> Show nice list of products @@ -130,7 +132,7 @@ unless ($action) { # if ($action eq 'add') { - + $vars->{'token'} = issue_session_token('add_component'); $vars->{'product'} = $product; $template->process("admin/components/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -145,7 +147,7 @@ if ($action eq 'add') { # if ($action eq 'new') { - + check_token_data($token, 'add_component'); # Do the user matching Bugzilla::User::match_field ($cgi, { 'initialowner' => { 'type' => 'single' }, @@ -244,6 +246,8 @@ if ($action eq 'new') { $vars->{'comp'} = $component; $vars->{'product'} = $product; + delete_token($token); + $template->process("admin/components/created.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -260,7 +264,7 @@ if ($action eq 'new') { # if ($action eq 'del') { - + $vars->{'token'} = issue_session_token('delete_component'); $vars->{'comp'} = Bugzilla::Component::check_component($product, $comp_name); @@ -279,7 +283,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { - + check_token_data($token, 'delete_component'); my $component = Bugzilla::Component::check_component($product, $comp_name); @@ -313,6 +317,8 @@ if ($action eq 'delete') { $vars->{'comp'} = $component; $vars->{'product'} = $product; + delete_token($token); + $template->process("admin/components/deleted.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -327,7 +333,7 @@ if ($action eq 'delete') { # if ($action eq 'edit') { - + $vars->{'token'} = issue_session_token('edit_component'); my $component = Bugzilla::Component::check_component($product, $comp_name); $vars->{'comp'} = $component; 
@@ -351,7 +357,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { - + check_token_data($token, 'edit_component'); # Do the user matching Bugzilla::User::match_field ($cgi, { 'initialowner' => { 'type' => 'single' }, @@ -459,6 +465,8 @@ if ($action eq 'update') { $vars->{'initial_cc_names'} = join(', ', map($_->login, @{$component->initial_cc})); $vars->{'product'} = $product; + delete_token($token); + $template->process("admin/components/updated.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/editfields.cgi b/editfields.cgi index 67b72e98d..a77aafe77 100644 --- a/editfields.cgi +++ b/editfields.cgi @@ -23,6 +23,7 @@ use Bugzilla::Constants; use Bugzilla::Error; use Bugzilla::Util; use Bugzilla::Field; +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $template = Bugzilla->template; @@ -36,6 +37,7 @@ $user->in_group('admin') object => 'custom_fields'}); my $action = trim($cgi->param('action') || ''); +my $token = $cgi->param('token'); print $cgi->header(); @@ -46,10 +48,13 @@ if (!$action) { } # Interface to add a new custom field. elsif ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_field'); + $template->process('admin/custom_fields/create.html.tmpl', $vars) || ThrowTemplateError($template->error()); } elsif ($action eq 'new') { + check_token_data($token, 'add_field'); my $name = clean_text($cgi->param('name') || ''); my $desc = clean_text($cgi->param('desc') || ''); my $type = trim($cgi->param('type') || FIELD_TYPE_FREETEXT); @@ -93,6 +98,7 @@ elsif ($action eq 'new') { $vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0; Bugzilla::Field::create_or_update($vars); + delete_token($token); $vars->{'message'} = 'custom_field_created'; 
@@ -109,11 +115,13 @@ elsif ($action eq 'edit') { $field || ThrowUserError('customfield_nonexistent', {'name' => $name}); $vars->{'field'} = $field; + $vars->{'token'} = issue_session_token('edit_field'); $template->process('admin/custom_fields/edit.html.tmpl', $vars) || ThrowTemplateError($template->error()); } elsif ($action eq 'update') { + check_token_data($token, 'edit_field'); my $name = $cgi->param('name'); my $desc = clean_text($cgi->param('desc') || ''); my $sortkey = $cgi->param('sortkey') || 0; @@ -144,18 +152,13 @@ elsif ($action eq 'update') { $vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0; Bugzilla::Field::create_or_update($vars); + delete_token($token); $vars->{'message'} = 'custom_field_updated'; $template->process('admin/custom_fields/list.html.tmpl', $vars) || ThrowTemplateError($template->error()); } -elsif ($action eq 'del') { - die "not yet implemented...\n"; -} -elsif ($action eq 'delete') { - die "not yet implemented...\n"; -} else { ThrowUserError('no_valid_action', {'field' => 'custom_field'}); } diff --git a/editflagtypes.cgi b/editflagtypes.cgi index 2c03c4f1f..6e001a525 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -41,6 +41,7 @@ use Bugzilla::Product; use Bugzilla::Component; use Bugzilla::Bug; use Bugzilla::Attachment; +use Bugzilla::Token; local our $cgi = Bugzilla->cgi; local our $template = Bugzilla->template; @@ -63,11 +64,12 @@ $user->in_group('editcomponents') # Determine whether to use the action specified by the user or the default. my $action = $cgi->param('action') || 'list'; +my $token = $cgi->param('token'); my @categoryActions; if (@categoryActions = grep(/^categoryAction-.+/, $cgi->param())) { $categoryActions[0] =~ s/^categoryAction-//; - processCategoryChange($categoryActions[0]); + processCategoryChange($categoryActions[0], $token); exit; } 
@@ -75,11 +77,11 @@ if ($action eq 'list') { list(); } elsif ($action eq 'enter') { edit($action); } elsif ($action eq 'copy') { edit($action); } elsif ($action eq 'edit') { edit($action); } -elsif ($action eq 'insert') { insert(); } -elsif ($action eq 'update') { update(); } +elsif ($action eq 'insert') { insert($token); } +elsif ($action eq 'update') { update($token); } elsif ($action eq 'confirmdelete') { confirmDelete(); } -elsif ($action eq 'delete') { deleteType(); } -elsif ($action eq 'deactivate') { deactivate(); } +elsif ($action eq 'delete') { deleteType(undef, $token); } +elsif ($action eq 'deactivate') { deactivate($token); } else { ThrowCodeError("action_unrecognized", { action => $action }); } @@ -167,9 +169,11 @@ sub edit { $vars->{'last_action'} = $cgi->param('action'); if ($cgi->param('action') eq 'enter' || $cgi->param('action') eq 'copy') { $vars->{'action'} = "insert"; + $vars->{'token'} = issue_session_token('add_flagtype'); } else { $vars->{'action'} = "update"; + $vars->{'token'} = issue_session_token('edit_flagtype'); } # If copying or editing an existing flag type, retrieve it. @@ -197,7 +201,7 @@ sub edit { } sub processCategoryChange { - my $categoryAction = shift; + my ($categoryAction, $token) = @_; validateIsActive(); validateIsRequestable(); validateIsRequesteeble(); @@ -252,7 +256,8 @@ sub processCategoryChange { $type->{'inclusions'} = \%inclusions; $type->{'exclusions'} = \%exclusions; $vars->{'type'} = $type; - + $vars->{'token'} = $token; + # Return the appropriate HTTP response headers. print $cgi->header(); @@ -287,6 +292,8 @@ sub clusion_array_to_hash { } sub insert { + my $token = shift; + check_token_data($token, 'add_flagtype'); my $name = validateName(); my $description = validateDescription(); my $cc_list = validateCCList(); 
@@ -329,6 +336,7 @@ sub insert { $vars->{'name'} = $cgi->param('name'); $vars->{'message'} = "flag_type_created"; + delete_token($token); # Return the appropriate HTTP response headers. print $cgi->header(); @@ -340,6 +348,8 @@ sub insert { sub update { + my $token = shift; + check_token_data($token, 'edit_flagtype'); my $flag_type = validateID(); my $id = $flag_type->id; my $name = validateName(); @@ -426,6 +436,7 @@ sub update { $vars->{'name'} = $cgi->param('name'); $vars->{'message'} = "flag_type_changes_saved"; + delete_token($token); # Return the appropriate HTTP response headers. print $cgi->header(); @@ -441,7 +452,7 @@ sub confirmDelete { if ($flag_type->flag_count) { $vars->{'flag_type'} = $flag_type; - + $vars->{'token'} = issue_session_token('delete_flagtype'); # Return the appropriate HTTP response headers. print $cgi->header(); @@ -450,13 +461,18 @@ sub confirmDelete { || ThrowTemplateError($template->error()); } else { - deleteType($flag_type); + # We should *always* ask if the admin really wants to delete + # a flagtype, even if there is no flag belonging to this type. + my $token = issue_session_token('delete_flagtype'); + deleteType($flag_type, $token); } } sub deleteType { my $flag_type = shift || validateID(); + my $token = shift; + check_token_data($token, 'delete_flagtype'); my $id = $flag_type->id; my $dbh = Bugzilla->dbh; @@ -474,6 +490,7 @@ sub deleteType { $dbh->bz_unlock_tables(); $vars->{'message'} = "flag_type_deleted"; + delete_token($token); # Return the appropriate HTTP response headers. print $cgi->header(); @@ -485,6 +502,8 @@ sub deleteType { sub deactivate { + my $token = shift; + check_token_data($token, 'delete_flagtype'); my $flag_type = validateID(); validateIsActive(); @@ -496,6 +515,7 @@ sub deactivate { $vars->{'message'} = "flag_type_deactivated"; $vars->{'flag_type'} = $flag_type; + delete_token($token); # Return the appropriate HTTP response headers. print $cgi->header(); 
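Review bot: The no-flags branch of confirmDelete() issues a 'delete_flagtype' token and immediately hands it to deleteType(), so check_token_data() is satisfied by a token the same request minted and the flag type is deleted with no confirmation step, which is the opposite of what the new comment promises and leaves `action=confirmdelete` for a flag type without flags as an unprotected state-changing request. The branch should instead render the confirm-delete template with the freshly issued token, exactly as the `flag_count` branch does, and let the follow-up `action=delete` request reach deleteType() with the posted token: replace the direct call with `$vars->{'flag_type'} = $flag_type; $vars->{'token'} = issue_session_token('delete_flagtype');` followed by the same header/template block, and drop the `if ($flag_type->flag_count)` distinction entirely. confirmDelete() starts outside this hunk.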
diff --git a/editgroups.cgi b/editgroups.cgi index 8e6cf55ac..09e1c8b10 100755 --- a/editgroups.cgi +++ b/editgroups.cgi @@ -35,6 +35,7 @@ use Bugzilla::Error; use Bugzilla::Group; use Bugzilla::Product; use Bugzilla::User; +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -51,6 +52,7 @@ $user->in_group('creategroups') object => "groups"}); my $action = trim($cgi->param('action') || ''); +my $token = $cgi->param('token'); # Add missing entries in bug_group_map for bugs created while # a mandatory group was disabled and which is now enabled again. @@ -220,6 +222,7 @@ if ($action eq 'changeform') { $vars->{'isactive'} = $isactive; $vars->{'isbuggroup'} = $isbuggroup; $vars->{'groups'} = \@groups; + $vars->{'token'} = issue_session_token('edit_group'); print $cgi->header(); $template->process("admin/groups/edit.html.tmpl", $vars) @@ -235,6 +238,7 @@ if ($action eq 'changeform') { # if ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_group'); print $cgi->header(); $template->process("admin/groups/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -249,6 +253,7 @@ if ($action eq 'add') { # if ($action eq 'new') { + check_token_data($token, 'add_group'); # Check that a not already used group name is given, that # a description is also given and check if the regular # expression is valid (if any). @@ -284,6 +289,7 @@ if ($action eq 'new') { undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA)); } Bugzilla::Group::RederiveRegexp($regexp, $gid); + delete_token($token); print $cgi->header(); $template->process("admin/groups/created.html.tmpl", $vars) @@ -356,6 +362,7 @@ if ($action eq 'del') { $vars->{'hasflags'} = $hasflags; $vars->{'shared_queries'} = $shared_queries; $vars->{'buglist'} = $buglist; + $vars->{'token'} = issue_session_token('delete_group'); print $cgi->header(); $template->process("admin/groups/delete.html.tmpl", $vars) 
@@ -369,6 +376,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { + check_token_data($token, 'delete_group'); # Check that an existing group ID is given my $gid = CheckGroupID($cgi->param('group')); my ($name, $isbuggroup) = @@ -455,6 +463,8 @@ if ($action eq 'delete') { $dbh->do('DELETE FROM groups WHERE id = ?', undef, $gid); + delete_token($token); + print $cgi->header(); $template->process("admin/groups/deleted.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -467,6 +477,7 @@ if ($action eq 'delete') { # if ($action eq 'postchanges') { + check_token_data($token, 'edit_group'); # ZLL: Bug 181589: we need to have something to remove explicitly listed users from # groups in order for the conversion to 2.18 groups to work my $action; @@ -488,7 +499,8 @@ if ($action eq 'postchanges') { if ($action == 2) { $vars->{'regexp'} = $regexp; } - + delete_token($token); + print $cgi->header(); $template->process("admin/groups/change.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/editkeywords.cgi b/editkeywords.cgi index bf130768e..3aca22e43 100755 --- a/editkeywords.cgi +++ b/editkeywords.cgi @@ -28,6 +28,7 @@ use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Keyword; +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -49,6 +50,8 @@ $user->in_group('editkeywords') my $action = trim($cgi->param('action') || ''); my $key_id = $cgi->param('id'); +my $token = $cgi->param('token'); + $vars->{'action'} = $action; @@ -64,6 +67,8 @@ if ($action eq "") { if ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_keyword'); + print $cgi->header(); $template->process("admin/keywords/create.html.tmpl", $vars) 
@@ -76,12 +81,15 @@ if ($action eq 'add') { # action='new' -> add keyword entered in the 'action=add' screen # if ($action eq 'new') { + check_token_data($token, 'add_keyword'); my $name = $cgi->param('name') || ''; my $desc = $cgi->param('description') || ''; my $keyword = Bugzilla::Keyword->create( { name => $name, description => $desc }); + delete_token($token); + print $cgi->header(); $vars->{'name'} = $keyword->name; @@ -104,6 +112,7 @@ if ($action eq 'edit') { || ThrowCodeError('invalid_keyword_id', { id => $key_id }); $vars->{'keyword'} = $keyword; + $vars->{'token'} = issue_session_token('edit_keyword'); print $cgi->header(); $template->process("admin/keywords/edit.html.tmpl", $vars) @@ -117,6 +126,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { + check_token_data($token, 'edit_keyword'); my $keyword = new Bugzilla::Keyword($key_id) || ThrowCodeError('invalid_keyword_id', { id => $key_id }); @@ -124,6 +134,8 @@ if ($action eq 'update') { $keyword->set_description($cgi->param('description')); $keyword->update(); + delete_token($token); + print $cgi->header(); $vars->{'keyword'} = $keyword; @@ -140,16 +152,25 @@ if ($action eq 'delete') { $vars->{'keyword'} = $keyword; + # We need this token even if there is no bug using this keyword. + $token = issue_session_token('delete_keyword'); + if (!$cgi->param('reallydelete') && $keyword->bug_count) { + $vars->{'token'} = $token; + print $cgi->header(); $template->process("admin/keywords/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; } + # We cannot do this check earlier as we have to check 'reallydelete' first. + check_token_data($token, 'delete_keyword'); $dbh->do('DELETE FROM keywords WHERE keywordid = ?', undef, $keyword->id); $dbh->do('DELETE FROM keyworddefs WHERE id = ?', undef, $keyword->id); + delete_token($token); + print $cgi->header(); $template->process("admin/keywords/rebuild-cache.html.tmpl", $vars) 
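Review bot: In the 'delete' action `$token` is overwritten with a freshly issued token before `check_token_data($token, 'delete_keyword')` runs, so the check always passes and the token posted by the confirm-delete form is never validated; for a keyword with no bugs, or whenever `reallydelete` is set, the two DELETE statements execute with no token protection at all. Keep the submitted token separate from the one being issued: set `$vars->{'token'} = issue_session_token('delete_keyword');` inside the confirmation branch only, change the guard to `if (!$cgi->param('reallydelete'))` so the confirmation page is always shown, and leave `check_token_data($token, 'delete_keyword')` operating on the original `$token` read from the request. The comment "We need this token even if there is no bug using this keyword" should then go, since the only path to the deletes becomes a POST carrying a previously issued token. The enclosing `if ($action eq 'delete')` block starts before this hunk.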
diff --git a/editmilestones.cgi b/editmilestones.cgi index 261b81920..d3a8c7a73 100755 --- a/editmilestones.cgi +++ b/editmilestones.cgi @@ -26,6 +26,7 @@ use Bugzilla::Error; use Bugzilla::Product; use Bugzilla::Milestone; use Bugzilla::Bug; +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -54,6 +55,7 @@ my $milestone_name = trim($cgi->param('milestone') || ''); my $sortkey = trim($cgi->param('sortkey') || 0); my $action = trim($cgi->param('action') || ''); my $showbugcounts = (defined $cgi->param('showbugcounts')); +my $token = $cgi->param('token'); # # product = '' -> Show nice list of products @@ -101,7 +103,7 @@ unless ($action) { # if ($action eq 'add') { - + $vars->{'token'} = issue_session_token('add_milestone'); $vars->{'product'} = $product; $template->process("admin/milestones/create.html.tmpl", $vars) @@ -117,7 +119,7 @@ if ($action eq 'add') { # if ($action eq 'new') { - + check_token_data($token, 'add_milestone'); $milestone_name || ThrowUserError('milestone_blank_name'); if (length($milestone_name) > 20) { @@ -145,6 +147,8 @@ if ($action eq 'new') { $milestone = new Bugzilla::Milestone($product->id, $milestone_name); + delete_token($token); + $vars->{'milestone'} = $milestone; $vars->{'product'} = $product; $template->process("admin/milestones/created.html.tmpl", @@ -174,6 +178,7 @@ if ($action eq 'del') { if ($product->default_milestone eq $milestone->name) { ThrowUserError("milestone_is_default", $vars); } + $vars->{'token'} = issue_session_token('delete_milestone'); $template->process("admin/milestones/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -187,7 +192,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { - + check_token_data($token, 'delete_milestone'); my $milestone = Bugzilla::Milestone::check_milestone($product, $milestone_name); 
@@ -223,6 +228,8 @@ if ($action eq 'delete') { $dbh->do("DELETE FROM milestones WHERE product_id = ? AND value = ?", undef, ($product->id, $milestone->name)); + delete_token($token); + $template->process("admin/milestones/deleted.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -244,6 +251,7 @@ if ($action eq 'edit') { $vars->{'milestone'} = $milestone; $vars->{'product'} = $product; + $vars->{'token'} = issue_session_token('edit_milestone'); $template->process("admin/milestones/edit.html.tmpl", $vars) @@ -259,7 +267,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { - + check_token_data($token, 'edit_milestone'); my $milestone_old_name = trim($cgi->param('milestoneold') || ''); my $milestone_old = Bugzilla::Milestone::check_milestone($product, @@ -338,6 +346,8 @@ if ($action eq 'update') { my $milestone = Bugzilla::Milestone::check_milestone($product, $milestone_name); + delete_token($token); + $vars->{'milestone'} = $milestone; $vars->{'product'} = $product; $template->process("admin/milestones/updated.html.tmpl", diff --git a/editparams.cgi b/editparams.cgi index 79063271a..cbce6405f 100755 --- a/editparams.cgi +++ b/editparams.cgi @@ -31,6 +31,7 @@ use Bugzilla::Config qw(:admin); use Bugzilla::Config::Common; use Bugzilla::Util; use Bugzilla::Error; +use Bugzilla::Token; my $user = Bugzilla->login(LOGIN_REQUIRED); my $cgi = Bugzilla->cgi; @@ -45,6 +46,7 @@ $user->in_group('tweakparams') object => "parameters"}); my $action = trim($cgi->param('action') || ''); +my $token = $cgi->param('token'); my $current_panel = $cgi->param('section') || 'core'; $current_panel =~ /^([A-Za-z0-9_-]+)$/; $current_panel = $1; @@ -66,6 +68,7 @@ foreach my $panel (Bugzilla::Config::param_panels()) { $vars->{panels} = \@panels; if ($action eq 'save' && $current_module) { + check_token_data($token, 'edit_parameters'); my @changes = (); my @module_param_list = "Bugzilla::Config::${current_module}"->get_param_list(1); 
@@ -125,7 +128,10 @@ if ($action eq 'save' && $current_module) { $vars->{'param_changed'} = \@changes; write_params(); + delete_token($token); } +$vars->{'token'} = issue_session_token('edit_parameters'); + $template->process("admin/params/editparams.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/editproducts.cgi b/editproducts.cgi index 4c4394926..6fc5da258 100755 --- a/editproducts.cgi +++ b/editproducts.cgi @@ -47,6 +47,7 @@ use Bugzilla::Milestone; use Bugzilla::Group; use Bugzilla::User; use Bugzilla::Field; +use Bugzilla::Token; # # Preliminary checks: @@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || ''); my $product_name = trim($cgi->param('product') || ''); my $action = trim($cgi->param('action') || ''); my $showbugcounts = (defined $cgi->param('showbugcounts')); +my $token = $cgi->param('token'); # # product = '' -> Show nice list of classifications (if @@ -128,12 +130,13 @@ if (!$action && !$product_name) { # if ($action eq 'add') { - if (Bugzilla->params->{'useclassification'}) { my $classification = Bugzilla::Classification::check_classification($classification_name); $vars->{'classification'} = $classification; } + $vars->{'token'} = issue_session_token('add_product'); + $template->process("admin/products/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -146,7 +149,7 @@ if ($action eq 'add') { # if ($action eq 'new') { - + check_token_data($token, 'add_product'); # Cleanups and validity checks my $classification_id = 1; @@ -306,6 +309,8 @@ if ($action eq 'new') { $series->writeToDatabase(); } } + delete_token($token); + $vars->{'product'} = $product; $template->process("admin/products/created.html.tmpl", $vars) @@ -339,6 +344,7 @@ if ($action eq 'del') { } $vars->{'product'} = $product; + $vars->{'token'} = issue_session_token('delete_product'); $template->process("admin/products/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); 
@@ -350,6 +356,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { + check_token_data($token, 'delete_product'); # First make sure the product name is valid. my $product = Bugzilla::Product::check_product($product_name); @@ -413,6 +420,8 @@ if ($action eq 'delete') { $dbh->bz_unlock_tables(); + delete_token($token); + $template->process("admin/products/deleted.html.tmpl", $vars) || ThrowTemplateError($template->error()); exit; @@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) { } } $vars->{'group_controls'} = $group_controls; - $vars->{'product'} = $product; - + $vars->{'token'} = issue_session_token('edit_product'); + $template->process("admin/products/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) { # if ($action eq 'updategroupcontrols') { + check_token_data($token, 'edit_group_controls'); # First make sure the product name is valid. my $product = Bugzilla::Product::check_product($product_name); @@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') { } $dbh->bz_unlock_tables(); - $vars->{'removed_na'} = \@removed_na; + delete_token($token); + $vars->{'removed_na'} = \@removed_na; $vars->{'added_mandatory'} = \@added_mandatory; - $vars->{'product'} = $product; $template->process("admin/products/groupcontrol/updated.html.tmpl", $vars) @@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') { # action='update' -> update the product # if ($action eq 'update') { - + check_token_data($token, 'edit_product'); my $product_old_name = trim($cgi->param('product_old_name') || ''); my $description = trim($cgi->param('description') || ''); my $disallownew = trim($cgi->param('disallownew') || ''); @@ -980,6 +990,7 @@ if ($action eq 'update') { $vars->{'confirmedbugs'} = \@updated_bugs; $vars->{'changer'} = $user->login; } + delete_token($token); $vars->{'old_product'} = $product_old; $vars->{'product'} = $product; 
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') { $vars->{'product'} = $product; $vars->{'groups'} = $groups; + $vars->{'token'} = issue_session_token('edit_group_controls'); $vars->{'const'} = { 'CONTROLMAPNA' => CONTROLMAPNA, diff --git a/editsettings.cgi b/editsettings.cgi index 6d7fffdfa..a4a85710f 100755 --- a/editsettings.cgi +++ b/editsettings.cgi @@ -24,6 +24,7 @@ use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User::Setting; +use Bugzilla::Token; my $template = Bugzilla->template; local our $vars = {}; @@ -79,9 +80,12 @@ $user->in_group('tweakparams') object => "settings"}); my $action = trim($cgi->param('action') || 'load'); +my $token = $cgi->param('token'); if ($action eq 'update') { + check_token_data($token, 'edit_settings'); SaveSettings(); + delete_token($token); $vars->{'changes_saved'} = 1; $template->process("admin/settings/updated.html.tmpl", $vars) @@ -92,6 +96,7 @@ if ($action eq 'update') { if ($action eq 'load') { LoadSettings(); + $vars->{'token'} = issue_session_token('edit_settings'); $template->process("admin/settings/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/editusers.cgi b/editusers.cgi index f30c66746..19e7ea587 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -33,6 +33,7 @@ use Bugzilla::BugMail; use Bugzilla::Flag; use Bugzilla::Field; use Bugzilla::Group; +use Bugzilla::Token; my $user = Bugzilla->login(LOGIN_REQUIRED); @@ -57,6 +58,7 @@ print $cgi->header(); my $action = $cgi->param('action') || 'search'; my $otherUserID = $cgi->param('userid'); my $otherUserLogin = $cgi->param('user'); +my $token = $cgi->param('token'); # Prefill template vars with data used in all or nearly all templates $vars->{'editusers'} = $editusers; 
@@ -183,6 +185,8 @@ if ($action eq 'search') { action => "add", object => "users"}); + $vars->{'token'} = issue_session_token('add_user'); + $template->process('admin/users/create.html.tmpl', $vars) || ThrowTemplateError($template->error()); @@ -192,6 +196,8 @@ if ($action eq 'search') { action => "add", object => "users"}); + check_token_data($token, 'add_user'); + my $new_user = Bugzilla::User->create({ login_name => scalar $cgi->param('login'), cryptpassword => scalar $cgi->param('password'), @@ -201,6 +207,10 @@ if ($action eq 'search') { userDataToVars($new_user->id); + delete_token($token); + + # We already display the updated page. We have to recreate a token now. + $vars->{'token'} = issue_session_token('edit_user'); $vars->{'message'} = 'account_created'; $template->process('admin/users/edit.html.tmpl', $vars) || ThrowTemplateError($template->error()); @@ -212,6 +222,7 @@ if ($action eq 'search') { ########################################################################### } elsif ($action eq 'update') { + check_token_data($token, 'edit_user'); my $otherUser = check_user($otherUserID, $otherUserLogin); $otherUserID = $otherUser->id; @@ -388,6 +399,7 @@ if ($action eq 'search') { # XXX: userDataToVars may be off when editing ourselves. userDataToVars($otherUserID); + delete_token($token); $vars->{'message'} = 'account_updated'; $vars->{'loginold'} = $otherUser->login; @@ -396,6 +408,9 @@ if ($action eq 'search') { $vars->{'groups_removed_from'} = \@groupsRemovedFrom; $vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless; $vars->{'groups_denied_rights_to_bless'} = \@groupsDeniedRightsToBless; + # We already display the updated page. We have to recreate a token now. + $vars->{'token'} = issue_session_token('edit_user'); + $template->process('admin/users/edit.html.tmpl', $vars) || ThrowTemplateError($template->error()); 
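Review bot: The comment added in the `new` branch (`@@ -201,6 +207,10`), `# We already display the updated page. We have to recreate a token now.`, is repeated verbatim in the `update` branch (`@@ -396,6 +408,9`) and names neither the page nor the token; both branches consume their own token and then render `admin/users/edit.html.tmpl`, and the comment should say that. A clearer form for both places is `# edit.html.tmpl is rendered directly from here, so its form needs a fresh edit_user token.`. The surrounding `if`/`elsif` chain on `$action` starts and ends outside these hunks.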
@@ -479,12 +494,14 @@ if ($action eq 'search') { AND mailto_type = ? }, undef, ($otherUserID, MAILTO_USER)); + $vars->{'token'} = issue_session_token('delete_user'); $template->process('admin/users/confirm-delete.html.tmpl', $vars) || ThrowTemplateError($template->error()); ########################################################################### } elsif ($action eq 'delete') { + check_token_data($token, 'delete_user'); my $otherUser = check_user($otherUserID, $otherUserLogin); $otherUserID = $otherUser->id; @@ -707,6 +724,7 @@ if ($action eq 'search') { $dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID); $dbh->bz_unlock_tables(); + delete_token($token); $vars->{'message'} = 'account_deleted'; $vars->{'otheruser'}{'login'} = $otherUser->login; @@ -857,6 +875,7 @@ sub edit_processing { object => "user"}); userDataToVars($otherUser->id); + $vars->{'token'} = issue_session_token('edit_user'); $template->process('admin/users/edit.html.tmpl', $vars) || ThrowTemplateError($template->error()); diff --git a/editvalues.cgi b/editvalues.cgi index b7e8ef12b..fe1ad546a 100755 --- a/editvalues.cgi +++ b/editvalues.cgi @@ -26,6 +26,7 @@ use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Constants; use Bugzilla::Config qw(:admin); +use Bugzilla::Token; # List of different tables that contain the changeable field values # (the old "enums.") Keep them in alphabetical order by their @@ -121,6 +122,7 @@ my $field = trim($cgi->param('field') || ''); my $value = trim($cgi->param('value') || ''); my $sortkey = trim($cgi->param('sortkey') || '0'); my $action = trim($cgi->param('action') || ''); +my $token = $cgi->param('token'); # Gives the name of the parameter associated with the field # and representing its default value. 
@@ -186,6 +188,7 @@ if ($action eq 'add') { $vars->{'value'} = $value; $vars->{'field'} = $field; + $vars->{'token'} = issue_session_token('add_field_value'); $template->process("admin/fieldvalues/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -198,6 +201,7 @@ if ($action eq 'add') { # action='new' -> add field value entered in the 'action=add' screen # if ($action eq 'new') { + check_token_data($token, 'add_field_value'); FieldMustExist($field); trick_taint($field); @@ -228,6 +232,8 @@ if ($action eq 'new') { VALUES ( ?, ? )"); $sth->execute($value, $sortkey); + delete_token($token); + $vars->{'value'} = $value; $vars->{'field'} = $field; $template->process("admin/fieldvalues/created.html.tmpl", @@ -262,6 +268,7 @@ if ($action eq 'del') { if (lsearch($static{$field}, $value) >= 0) { ThrowUserError('fieldvalue_not_deletable', $vars); } + $vars->{'token'} = issue_session_token('delete_field_value'); $template->process("admin/fieldvalues/confirm-delete.html.tmpl", $vars) @@ -275,6 +282,7 @@ if ($action eq 'del') { # action='delete' -> really delete the field value # if ($action eq 'delete') { + check_token_data($token, 'delete_field_value'); ValueMustExist($field, $value); $vars->{'value'} = $value; @@ -311,6 +319,7 @@ if ($action eq 'delete') { $dbh->do("DELETE FROM $field WHERE value = ?", undef, $value); $dbh->bz_unlock_tables(); + delete_token($token); $template->process("admin/fieldvalues/deleted.html.tmpl", $vars) @@ -334,6 +343,7 @@ if ($action eq 'edit') { $vars->{'value'} = $value; $vars->{'field'} = $field; $vars->{'is_static'} = (lsearch($static{$field}, $value) >= 0) ? 1 : 0; + $vars->{'token'} = issue_session_token('edit_field_value'); $template->process("admin/fieldvalues/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); 
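Review bot: In the `delete` branch (`@@ -311,6 +319,7`) the new `delete_token($token)` follows `$dbh->do("DELETE FROM $field WHERE value = ?", undef, $value)`, where `$field` is interpolated as the table name; the token check added at `@@ -275,6 +282,7` says nothing about that value, so the statement still depends entirely on `ValueMustExist($field, $value)` (presumably an allow-list check against the field-value tables listed at the top of the script) having rejected anything else. A comment at the check, `# check_token_data only proves the request came from our form; $field is still restricted to a known table by ValueMustExist below.`, keeps the two guards from being mistaken for one another. The `new` branch (`@@ -198,6 +201,7`) has the same shape, with `FieldMustExist($field)` before `trick_taint($field)`. Both branch bodies continue outside the hunks.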
@@ -346,6 +356,7 @@ if ($action eq 'edit') { # action='update' -> update the field value # if ($action eq 'update') { + check_token_data($token, 'edit_field_value'); my $valueold = trim($cgi->param('valueold') || ''); my $sortkeyold = trim($cgi->param('sortkeyold') || '0'); @@ -420,6 +431,7 @@ if ($action eq 'update') { write_params(); $vars->{'default_value_updated'} = 1; } + delete_token($token); $template->process("admin/fieldvalues/updated.html.tmpl", $vars) diff --git a/editversions.cgi b/editversions.cgi index 0941896a5..486756307 100755 --- a/editversions.cgi +++ b/editversions.cgi @@ -37,6 +37,7 @@ use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Product; use Bugzilla::Version; +use Bugzilla::Token; my $cgi = Bugzilla->cgi; my $dbh = Bugzilla->dbh; @@ -63,6 +64,7 @@ my $product_name = trim($cgi->param('product') || ''); my $version_name = trim($cgi->param('version') || ''); my $action = trim($cgi->param('action') || ''); my $showbugcounts = (defined $cgi->param('showbugcounts')); +my $token = $cgi->param('token'); # # product = '' -> Show nice list of products @@ -108,7 +110,7 @@ unless ($action) { # if ($action eq 'add') { - + $vars->{'token'} = issue_session_token('add_version'); $vars->{'product'} = $product; $template->process("admin/versions/create.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -123,8 +125,9 @@ if ($action eq 'add') { # if ($action eq 'new') { - + check_token_data($token, 'add_version'); my $version = Bugzilla::Version::create($version_name, $product); + delete_token($token); $vars->{'version'} = $version; $vars->{'product'} = $product; @@ -149,6 +152,7 @@ if ($action eq 'del') { $vars->{'version'} = $version; $vars->{'product'} = $product; + $vars->{'token'} = issue_session_token('delete_version'); $template->process("admin/versions/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); 
@@ -162,9 +166,10 @@ if ($action eq 'del') { # if ($action eq 'delete') { - + check_token_data($token, 'delete_version'); my $version = Bugzilla::Version::check_version($product, $version_name); $version->remove_from_db; + delete_token($token); $vars->{'version'} = $version; $vars->{'product'} = $product; @@ -189,6 +194,7 @@ if ($action eq 'edit') { $vars->{'version'} = $version; $vars->{'product'} = $product; + $vars->{'token'} = issue_session_token('edit_version'); $template->process("admin/versions/edit.html.tmpl", $vars) || ThrowTemplateError($template->error()); @@ -203,7 +209,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { - + check_token_data($token, 'edit_version'); my $version_old_name = trim($cgi->param('versionold') || ''); my $version = Bugzilla::Version::check_version($product, $version_old_name); @@ -213,6 +219,7 @@ if ($action eq 'update') { $vars->{'updated'} = $version->update($version_name, $product); $dbh->bz_unlock_tables(); + delete_token($token); $vars->{'version'} = $version; $vars->{'product'} = $product; diff --git a/editwhines.cgi b/editwhines.cgi index 800c5385a..ba39b543d 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -35,6 +35,7 @@ use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::User; use Bugzilla::Group; +use Bugzilla::Token; # require the user to have logged in my $user = Bugzilla->login(LOGIN_REQUIRED); @@ -49,7 +50,7 @@ my $vars = {}; my $dbh = Bugzilla->dbh; my $userid = $user->id; - +my $token = $cgi->param('token'); my $sth; # database statement handle # $events is a hash ref, keyed by event id, that stores the active user's @@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers'); # removed, then what was altered. if ($cgi->param('update')) { + check_token_data($token, 'edit_whine'); + if ($cgi->param("add_event")) { # we create a new event $sth = $dbh->prepare("INSERT INTO whine_events " . 
@@ -349,6 +352,7 @@ if ($cgi->param('update')) { } } } + delete_token($token); } $vars->{'mail_others'} = $can_mail_others; @@ -436,6 +440,7 @@ $vars->{'available_queries'} = []; while (my ($query) = $sth->fetchrow_array) { push @{$vars->{'available_queries'}}, $query; } +$vars->{'token'} = issue_session_token('edit_whine'); $template->process("whine/schedule.html.tmpl", $vars) || ThrowTemplateError($template->error()); diff --git a/enter_bug.cgi b/enter_bug.cgi index 62abdcd81..317bd6d0c 100755 --- a/enter_bug.cgi +++ b/enter_bug.cgi @@ -335,7 +335,7 @@ $vars->{'qa_contact_disabled'} = !Bugzilla->user->in_group('editbugs'); $vars->{'cloned_bug_id'} = $cloned_bug_id; -$vars->{'token'} = Bugzilla::Token::IssueSessionToken('createbug:'); +$vars->{'token'} = issue_session_token('createbug:'); my @enter_bug_fields = Bugzilla->get_fields({ custom => 1, obsolete => 0, diff --git a/relogin.cgi b/relogin.cgi index e47dbe003..5aa187490 100755 --- a/relogin.cgi +++ b/relogin.cgi @@ -60,7 +60,7 @@ if ($action eq 'prepare-sudo') { } # Keep a temporary record of the user visiting this page - $vars->{'token'} = Bugzilla::Token::IssueSessionToken('sudo_prepared'); + $vars->{'token'} = issue_session_token('sudo_prepared'); # Show the sudo page $vars->{'target_login_default'} = $cgi->param('target_login'); @@ -121,7 +121,7 @@ elsif ($action eq 'begin-sudo') { { target_login => scalar $cgi->param('target_login'), reason => scalar $cgi->param('reason')}); } - Bugzilla::Token::DeleteToken($cgi->param('token')); + delete_token($cgi->param('token')); # Get & verify the target user (the user who we will be impersonating) my $target_user = diff --git a/skins/standard/global.css b/skins/standard/global.css index a2cf3ea93..5111a4a4a 100644 --- a/skins/standard/global.css +++ b/skins/standard/global.css 
@@ -289,3 +289,11 @@ span.quote { } table#flags th, table#flags td { vertical-align: baseline; text-align: left; } + +.throw_error { + background-color: #ff0000; + color: black; + font-size: 120%; + margin: 1em; + padding: 0.5em 1em; +} diff --git a/template/en/default/admin/classifications/add.html.tmpl b/template/en/default/admin/classifications/add.html.tmpl index 15b8fc3a2..d549bbc79 100644 --- a/template/en/default/admin/classifications/add.html.tmpl +++ b/template/en/default/admin/classifications/add.html.tmpl @@ -49,6 +49,7 @@
+

Back to the main [% terms.bugs %] page diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl index 84c3cb197..ffb8fe065 100644 --- a/template/en/default/admin/classifications/del.html.tmpl +++ b/template/en/default/admin/classifications/del.html.tmpl @@ -56,6 +56,7 @@ +

Back to the main [% terms.bugs %] page diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl index b56a401f4..923a79f5e 100644 --- a/template/en/default/admin/classifications/edit.html.tmpl +++ b/template/en/default/admin/classifications/edit.html.tmpl @@ -77,6 +77,7 @@ + diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl index 0db2fc265..113c6f630 100644 --- a/template/en/default/admin/classifications/reclassify.html.tmpl +++ b/template/en/default/admin/classifications/reclassify.html.tmpl @@ -82,6 +82,7 @@ +

Back to the main [% terms.bugs %] page, diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl index e7e00636e..1d7553f83 100644 --- a/template/en/default/admin/components/confirm-delete.html.tmpl +++ b/template/en/default/admin/components/confirm-delete.html.tmpl @@ -150,6 +150,7 @@ + [% END %] diff --git a/template/en/default/admin/components/create.html.tmpl b/template/en/default/admin/components/create.html.tmpl index 013ee861e..9b4a19bf0 100644 --- a/template/en/default/admin/components/create.html.tmpl +++ b/template/en/default/admin/components/create.html.tmpl @@ -102,7 +102,7 @@ - + [% PROCESS admin/components/footer.html.tmpl %] diff --git a/template/en/default/admin/components/edit.html.tmpl b/template/en/default/admin/components/edit.html.tmpl index 6ee3a69fe..81a6e9fc2 100644 --- a/template/en/default/admin/components/edit.html.tmpl +++ b/template/en/default/admin/components/edit.html.tmpl @@ -119,6 +119,7 @@ + or + #%] + +[%# INTERFACE: + # abuser: identity of the user who created the (invalid?) token. + # token_action: the action the token was supposed to serve. + # expected_action: the action the user was going to do. + # script_name: the script generating this warning. + #%] + +[% PROCESS "global/field-descs.none.tmpl" %] + +[% PROCESS global/header.html.tmpl title = "Suspicious Action" + style_urls = ['skins/standard/global.css'] %] + +[% IF abuser %] +

+[% ELSE %] +
+ It looks like you didn't come from the right page (you have no valid token for + the [% expected_action FILTER html %] action while processing the + '[% script_name FILTER html%]' script). The reason could be one of:
+
    +
  • You clicked the "Back" button of your web browser after having successfully + submitted changes, which is generally not a good idea (but harmless).
  • +
  • You entered the URL in the address bar of your web browser directly, + which should be safe.
  • +
  • You clicked on a URL which redirected you here without your consent, + in which case this action is much more critical.
  • +
+ Are you sure you want to commit these changes anyway? This may result in + unexpected and undesired results. +
+ +
+ [% PROCESS "global/hidden-fields.html.tmpl" + exclude="^(Bugzilla_login|Bugzilla_password)$" %] + +
+

Or throw away these changes and go back to + [%- script_name FILTER html %].

+[% END %] + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/admin/custom_fields/create.html.tmpl b/template/en/default/admin/custom_fields/create.html.tmpl index e8b66deca..995c4d0a9 100644 --- a/template/en/default/admin/custom_fields/create.html.tmpl +++ b/template/en/default/admin/custom_fields/create.html.tmpl @@ -102,6 +102,7 @@
+ diff --git a/template/en/default/admin/custom_fields/edit.html.tmpl b/template/en/default/admin/custom_fields/edit.html.tmpl index 6ffa3d89d..2165ac323 100644 --- a/template/en/default/admin/custom_fields/edit.html.tmpl +++ b/template/en/default/admin/custom_fields/edit.html.tmpl @@ -98,6 +98,7 @@
+ diff --git a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl index d29c124d6..4cd001476 100644 --- a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl +++ b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl @@ -111,6 +111,7 @@ + [% END %] diff --git a/template/en/default/admin/fieldvalues/create.html.tmpl b/template/en/default/admin/fieldvalues/create.html.tmpl index c0d364416..2e87af053 100644 --- a/template/en/default/admin/fieldvalues/create.html.tmpl +++ b/template/en/default/admin/fieldvalues/create.html.tmpl @@ -42,7 +42,7 @@ - +

diff --git a/template/en/default/admin/fieldvalues/edit.html.tmpl b/template/en/default/admin/fieldvalues/edit.html.tmpl index 362ed4753..7ff3c0e33 100644 --- a/template/en/default/admin/fieldvalues/edit.html.tmpl +++ b/template/en/default/admin/fieldvalues/edit.html.tmpl @@ -55,8 +55,8 @@ + -

diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl index fda34e3b1..0af9fb5a2 100644 --- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl +++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl @@ -21,18 +21,16 @@ [% PROCESS global/variables.none.tmpl %] -[%# Filter off the name here to be used multiple times below %] -[% name = BLOCK %][% flag_type.name FILTER html %][% END %] +[% title = BLOCK %]Confirm Deletion of Flag Type '[% flag_type.name FILTER html %]'[% END %] -[% PROCESS global/header.html.tmpl - title = "Confirm Deletion of Flag Type '$name'" -%] +[% PROCESS global/header.html.tmpl title = title %]

- There are [% flag_type.flag_count %] flags of type [% name FILTER html %]. + There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %]. If you delete this type, those flags will also be deleted. Note that instead of deleting the type you can - deactivate it, + deactivate it, in which case the type and its flags will remain in the database but will not appear in the [% terms.Bugzilla %] UI.

@@ -45,8 +43,8 @@ - - Yes, delete + Yes, delete diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl index 942fb3b09..e78c83643 100644 --- a/template/en/default/admin/flag-type/edit.html.tmpl +++ b/template/en/default/admin/flag-type/edit.html.tmpl @@ -53,6 +53,7 @@
+ [% FOREACH category = type.inclusions %] diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl index 94fe3da0c..3346f9570 100644 --- a/template/en/default/admin/flag-type/list.html.tmpl +++ b/template/en/default/admin/flag-type/list.html.tmpl @@ -101,25 +101,6 @@ Create Flag Type For Attachments

- - [% PROCESS global/footer.html.tmpl %] @@ -157,9 +138,7 @@ [% IF type.request_group %][% type.request_group.name FILTER html %][% END %] Copy - | Delete + | Delete diff --git a/template/en/default/admin/groups/create.html.tmpl b/template/en/default/admin/groups/create.html.tmpl index 2b50d73a2..d6422f769 100644 --- a/template/en/default/admin/groups/create.html.tmpl +++ b/template/en/default/admin/groups/create.html.tmpl @@ -49,6 +49,7 @@ Insert new group into all existing products.

+

Name is what is used with the Bugzilla->user->in_group() diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl index f5aa7a9b4..22701407a 100644 --- a/template/en/default/admin/groups/delete.html.tmpl +++ b/template/en/default/admin/groups/delete.html.tmpl @@ -123,6 +123,7 @@

+ Go back to the group list. diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl index c1d032e1a..6c5771661 100644 --- a/template/en/default/admin/groups/edit.html.tmpl +++ b/template/en/default/admin/groups/edit.html.tmpl @@ -214,6 +214,7 @@ + Back to the group list. diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl index 89123e2bf..0d68524d7 100755 --- a/template/en/default/admin/keywords/confirm-delete.html.tmpl +++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl @@ -45,6 +45,7 @@ + diff --git a/template/en/default/admin/keywords/create.html.tmpl b/template/en/default/admin/keywords/create.html.tmpl index 103aa03b2..45d97819e 100755 --- a/template/en/default/admin/keywords/create.html.tmpl +++ b/template/en/default/admin/keywords/create.html.tmpl @@ -51,6 +51,7 @@ +

Edit other keywords.

diff --git a/template/en/default/admin/keywords/edit.html.tmpl b/template/en/default/admin/keywords/edit.html.tmpl index 0d3beaf33..81f072b8b 100755 --- a/template/en/default/admin/keywords/edit.html.tmpl +++ b/template/en/default/admin/keywords/edit.html.tmpl @@ -66,6 +66,7 @@ +

Edit other keywords.

diff --git a/template/en/default/admin/milestones/confirm-delete.html.tmpl b/template/en/default/admin/milestones/confirm-delete.html.tmpl index 1667af3b7..b1f893ffd 100644 --- a/template/en/default/admin/milestones/confirm-delete.html.tmpl +++ b/template/en/default/admin/milestones/confirm-delete.html.tmpl @@ -90,6 +90,7 @@ + [% PROCESS admin/milestones/footer.html.tmpl %] diff --git a/template/en/default/admin/milestones/create.html.tmpl b/template/en/default/admin/milestones/create.html.tmpl index 8dd23e3de..edace52bf 100644 --- a/template/en/default/admin/milestones/create.html.tmpl +++ b/template/en/default/admin/milestones/create.html.tmpl @@ -49,7 +49,7 @@ - +

diff --git a/template/en/default/admin/milestones/edit.html.tmpl b/template/en/default/admin/milestones/edit.html.tmpl index f216166b1..c7aeb031a 100644 --- a/template/en/default/admin/milestones/edit.html.tmpl +++ b/template/en/default/admin/milestones/edit.html.tmpl @@ -55,7 +55,7 @@ - +

diff --git a/template/en/default/admin/params/editparams.html.tmpl b/template/en/default/admin/params/editparams.html.tmpl index ef379e75c..ce5442b3a 100644 --- a/template/en/default/admin/params/editparams.html.tmpl +++ b/template/en/default/admin/params/editparams.html.tmpl @@ -99,6 +99,7 @@ [% PROCESS admin/params/common.html.tmpl panel = current_panel %] + diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl index 75aeb623a..84f8da569 100644 --- a/template/en/default/admin/products/confirm-delete.html.tmpl +++ b/template/en/default/admin/products/confirm-delete.html.tmpl @@ -263,6 +263,7 @@ + diff --git a/template/en/default/admin/products/create.html.tmpl b/template/en/default/admin/products/create.html.tmpl index fd1ed34cc..5fb7d8bd1 100644 --- a/template/en/default/admin/products/create.html.tmpl +++ b/template/en/default/admin/products/create.html.tmpl @@ -57,6 +57,7 @@ + diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl index 105ec6e74..0371e3343 100644 --- a/template/en/default/admin/products/edit.html.tmpl +++ b/template/en/default/admin/products/edit.html.tmpl @@ -132,6 +132,7 @@ versions: + diff --git a/template/en/default/admin/products/groupcontrol/edit.html.tmpl b/template/en/default/admin/products/groupcontrol/edit.html.tmpl index 174d15869..32b5e9d8c 100644 --- a/template/en/default/admin/products/groupcontrol/edit.html.tmpl +++ b/template/en/default/admin/products/groupcontrol/edit.html.tmpl @@ -31,6 +31,7 @@

+ diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl index 9ca9226e7..8881fc3dc 100644 --- a/template/en/default/admin/settings/edit.html.tmpl +++ b/template/en/default/admin/settings/edit.html.tmpl @@ -85,6 +85,7 @@ page, and the Default Value will automatically apply to everyone. + diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl index 6f0a565ca..4c348fa10 100644 --- a/template/en/default/admin/users/confirm-delete.html.tmpl +++ b/template/en/default/admin/users/confirm-delete.html.tmpl @@ -448,6 +448,7 @@ + [% INCLUDE listselectionhiddenfields %]

diff --git a/template/en/default/admin/users/create.html.tmpl b/template/en/default/admin/users/create.html.tmpl index 4cef3884a..66cdd91e0 100644 --- a/template/en/default/admin/users/create.html.tmpl +++ b/template/en/default/admin/users/create.html.tmpl @@ -41,6 +41,7 @@

+ [% INCLUDE listselectionhiddenfields %]

diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl index b0cc21082..61778ad93 100644 --- a/template/en/default/admin/users/edit.html.tmpl +++ b/template/en/default/admin/users/edit.html.tmpl @@ -106,6 +106,7 @@ + [% INCLUDE listselectionhiddenfields %] or + [% END %] diff --git a/template/en/default/admin/versions/create.html.tmpl b/template/en/default/admin/versions/create.html.tmpl index 44d43cab4..c421ab12b 100644 --- a/template/en/default/admin/versions/create.html.tmpl +++ b/template/en/default/admin/versions/create.html.tmpl @@ -43,7 +43,7 @@ - +

diff --git a/template/en/default/admin/versions/edit.html.tmpl b/template/en/default/admin/versions/edit.html.tmpl index 7f0de2677..cfdfd4981 100644 --- a/template/en/default/admin/versions/edit.html.tmpl +++ b/template/en/default/admin/versions/edit.html.tmpl @@ -48,8 +48,8 @@ + -

diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index d9a3e1913..0c37234ff 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -512,7 +512,6 @@ 'admin/flag-type/list.html.tmpl' => [ 'type.id', - 'type.flag_count', ], diff --git a/template/en/default/whine/schedule.html.tmpl b/template/en/default/whine/schedule.html.tmpl index c7370a3e1..28fceabab 100644 --- a/template/en/default/whine/schedule.html.tmpl +++ b/template/en/default/whine/schedule.html.tmpl @@ -82,6 +82,7 @@ + [% FOREACH event = events %] diff --git a/token.cgi b/token.cgi index 30913642e..282d2fcbb 100755 --- a/token.cgi +++ b/token.cgi @@ -378,7 +378,7 @@ sub confirm_create_account { cryptpassword => $cgi->param('passwd1')}); # Now delete this token. - Bugzilla::Token::DeleteToken($::token); + delete_token($::token); # Let the user know that his user account has been successfully created. $vars->{'message'} = 'account_created'; -- cgit v1.2.3-24-g4f1b