From ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Mon, 24 Jan 2011 14:35:31 -0500 Subject: Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit --- extensions/Voting/Extension.pm | 4 ++++ extensions/Voting/template/en/default/pages/voting/user.html.tmpl | 1 + extensions/Voting/template/en/default/voting/delete-all.html.tmpl | 1 + 3 files changed, 6 insertions(+) diff --git a/extensions/Voting/Extension.pm b/extensions/Voting/Extension.pm index d94ff8430..8417e0ec3 100644 --- a/extensions/Voting/Extension.pm +++ b/extensions/Voting/Extension.pm @@ -36,6 +36,7 @@ use Bugzilla::Field; use Bugzilla::Mailer; use Bugzilla::User; use Bugzilla::Util qw(detaint_natural); +use Bugzilla::Token; use List::Util qw(min); @@ -529,6 +530,9 @@ sub _update_votes { || ThrowUserError("voting_must_be_nonnegative"); } + my $token = $cgi->param('token'); + check_hash_token($token, ['vote']); + ############################################################################ # End Data/Security Validation ############################################################################ diff --git a/extensions/Voting/template/en/default/pages/voting/user.html.tmpl b/extensions/Voting/template/en/default/pages/voting/user.html.tmpl index f2ac160f8..dbceaf217 100644 --- a/extensions/Voting/template/en/default/pages/voting/user.html.tmpl +++ b/extensions/Voting/template/en/default/pages/voting/user.html.tmpl @@ -74,6 +74,7 @@ [% IF products.size %]
+ diff --git a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl index 82ddc3596..f0d3b7e13 100644 --- a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl +++ b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl @@ -35,6 +35,7 @@ +

Yes, delete all my votes -- cgit v1.2.3-24-g4f1b