From 534fc2123e40b7517aeaffd709faf72af97ac3b8 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Thu, 5 Nov 2015 00:28:14 -0500
Subject: Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code
---
 Bugzilla/Token.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'Bugzilla/Token.pm')
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm
index 3c5261821..6e3095549 100644
--- a/Bugzilla/Token.pm
+++ b/Bugzilla/Token.pm
@@ -237,7 +237,7 @@ sub issue_short_lived_session_token {
 # the token to the caller.
 $user //= Bugzilla->user;
- return _create_token($user->id, 'session.short', $data);
+ return _create_token($user->id ? $user->id : undef, 'session.short', $data);
 }
 sub issue_hash_token {
-- 
cgit v1.2.3-24-g4f1b
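Review bot: The changed `return` in `issue_short_lived_session_token` has no comment explaining why a false `$user->id` must reach `_create_token` as `undef`, so a later cleanup could simplify it back to `$user->id` and silently undo this security fix. I would add `# Logged-out users have id 0; pass undef so the token is not recorded against user id 0.` above it; that is presumably the intent, but `_create_token` and the code that validates the token are outside this hunk (as is the start of this function), so confirm the wording against them. The expression can also be written `$user->id || undef`, which calls the accessor once. The diffstat shows only Token.pm changed, so a regression test asserting that a token issued for a logged-out user carries no user id would pin the behaviour.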