From af3e4c43b0ad6267669d2e987d6ae3acdde70253 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 18 Apr 2012 19:00:42 +0200
Subject: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists
 permits attackers to access all bugs that the victim can see r=glob a=LpSolit

---
 buglist.cgi | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index ca51e6243..d4ddfbd63 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -112,16 +112,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") {
     $cgi->param('ctype', "atom");
 }
 
-# The js ctype presents a security risk; a malicious site could use it  
-# to gather information about secure bugs. So, we only allow public bugs to be
-# retrieved with this format.
-#
-# Note that if and when this call clears cookies or has other persistent 
-# effects, we'll need to do this another way instead.
-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
-    Bugzilla->logout_request();
-}
-
 # An agent is a program that automatically downloads and extracts data
 # on its user's behalf.  If this request comes from an agent, we turn off
 # various aspects of bug list functionality so agent requests succeed
-- 
cgit v1.2.3-24-g4f1b