From 10b4a9266d92269fd48d12d1a6de983858ea9b74 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Mon, 24 Jan 2011 18:12:29 +0100
Subject: Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
 r=dkl a=LpSolit

---
 chart.cgi | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'chart.cgi')

diff --git a/chart.cgi b/chart.cgi
index 12ef8d834..a04cde068 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -146,6 +146,8 @@ elsif ($action eq "wrap") {
 }
 elsif ($action eq "create") {
     assertCanCreate($cgi);
+    my $token = $cgi->param('token');
+    check_hash_token($token, ['create-series']);
     
     my $series = new Bugzilla::Series($cgi);
 
@@ -164,9 +166,11 @@ elsif ($action eq "edit") {
     edit($series);
 }
 elsif ($action eq "alter") {
-    assertCanEdit($series_id);
+    my $series = assertCanEdit($series_id);
+    my $token = $cgi->param('token');
+    check_hash_token($token, [$series->id, $series->name]);
     # XXX - This should be replaced by $series->set_foo() methods.
-    my $series = new Bugzilla::Series($cgi);
+    $series = new Bugzilla::Series($cgi);
 
     # We need to check if there is _another_ series in the database with
     # our (potentially new) name. So we call existsInDatabase() to see if
-- 
cgit v1.2.3-24-g4f1b