From aa94254a92a7d1c4f09275b5937c3eae7300dad6 Mon Sep 17 00:00:00 2001
From: David Lawrence <dlawrence@mozilla.com>
Date: Thu, 6 Jan 2011 23:02:28 -0500
Subject: Bug 621090 - [SECURITY] Adding saved searches lacks CSRF protection
 r/a=mkanat

---
 buglist.cgi | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index bd285ebc0..ebce66532 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -504,6 +504,8 @@ elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
         my $query_name = $cgi->param('newqueryname');
         my $new_query = $cgi->param('newquery');
         my $query_type = QUERY_LIST;
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['savedsearch']);
         # If list_of_bugs is true, we are adding/removing individual bugs
         # to a saved search. We get the existing list of bug IDs (if any)
         # and add/remove the passed ones.
-- 
cgit v1.2.3-24-g4f1b