From d382992164347e076c51d3116a32aeabb2beecd5 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 18:59:17 +0000
Subject: Bug 466692: [SECURITY] keywords and unused flag types can be deleted by bypassing the token check - Patch by Frédéric Buclin r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 editflagtypes.cgi | 14 +++----------
 1 file changed, 3 insertions(+), 11 deletions(-)
(limited to 'editflagtypes.cgi')
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index d77c6b8a3..4dbaae573 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -80,7 +80,7 @@ elsif ($action eq 'edit') { edit($action); }
 elsif ($action eq 'insert') { insert($token); }
 elsif ($action eq 'update') { update($token); }
 elsif ($action eq 'confirmdelete') { confirmDelete(); }
-elsif ($action eq 'delete') { deleteType(undef, $token); }
+elsif ($action eq 'delete') { deleteType($token); }
 elsif ($action eq 'deactivate') { deactivate($token); }
 else {
     ThrowCodeError("action_unrecognized", { action => $action });
@@ -460,9 +460,8 @@ sub update {
 sub confirmDelete {
-    my $flag_type = validateID();
+    my $flag_type = validateID();
-    if ($flag_type->flag_count) {
     $vars->{'flag_type'} = $flag_type;
     $vars->{'token'} = issue_session_token('delete_flagtype');
     # Return the appropriate HTTP response headers.
@@ -471,20 +470,13 @@ sub confirmDelete {
     # Generate and return the UI (HTML page) from the appropriate template.
     $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error());
-    }
-    else {
-        # We should *always* ask if the admin really wants to delete
-        # a flagtype, even if there is no flag belonging to this type.
-        my $token = issue_session_token('delete_flagtype');
-        deleteType($flag_type, $token);
-    }
 }
 sub deleteType {
-    my $flag_type = shift || validateID();
     my $token = shift;
     check_token_data($token, 'delete_flagtype');
+    my $flag_type = validateID();
     my $id = $flag_type->id;
     my $dbh = Bugzilla->dbh;
-- 
cgit v1.2.3-24-g4f1b
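Review bot: The reasoning the removed else-branch carried — that the admin must always be asked before a flag type is deleted — disappears with it, and nothing in the new confirmDelete says why the flag_count branch is gone. I would keep that rationale as a comment above `$vars->{'flag_type'} = $flag_type;`: `# Always show the confirmation page, even for a type with no flags: the delete itself happens only in deleteType(), once the form posts back with the token.` The `-`/`+` pair around `my $flag_type = validateID();` appears to differ only in whitespace, which the collapsed rendering does not preserve. confirmDelete's body continues past this hunk into the next one.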
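Review bot: deleteType now takes only `$token` from `@_`, so any caller that still passes a flag-type object first — as confirmDelete did before this patch — would have that object checked as the token and rejected by check_token_data; the two callers visible here are updated, but a header comment would pin the new contract: `# deleteType($token): the token is verified before validateID(), so a request without a valid confirmation token fails before any flag type is looked up.` The reordering itself is the right one, since the token check now precedes the ID lookup rather than following it. The sub's body continues past the end of the hunk.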