From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 05:02:09 +0000
Subject: Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin r=mkanat a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 editproducts.cgi | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
(limited to 'editproducts.cgi')
diff --git a/editproducts.cgi b/editproducts.cgi
index 4c4394926..6fc5da258 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Milestone;
 use Bugzilla::Group;
 use Bugzilla::User;
 use Bugzilla::Field;
+use Bugzilla::Token;
 #
 # Preliminary checks:
@@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || '');
 my $product_name = trim($cgi->param('product') || '');
 my $action = trim($cgi->param('action') || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
 #
 # product = '' -> Show nice list of classifications (if
@@ -128,12 +130,13 @@ if (!$action && !$product_name) {
 #
 if ($action eq 'add') {
-
 if (Bugzilla->params->{'useclassification'}) {
 my $classification = Bugzilla::Classification::check_classification($classification_name);
 $vars->{'classification'} = $classification;
 }
+ $vars->{'token'} = issue_session_token('add_product');
+
 $template->process("admin/products/create.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -146,7 +149,7 @@ if ($action eq 'add') {
 #
 if ($action eq 'new') {
-
+ check_token_data($token, 'add_product');
 # Cleanups and validity checks
 my $classification_id = 1;
@@ -306,6 +309,8 @@ if ($action eq 'new') {
 $series->writeToDatabase();
 }
 }
+ delete_token($token);
+
 $vars->{'product'} = $product;
 $template->process("admin/products/created.html.tmpl", $vars)
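Review bot: `my $token = $cgi->param('token');` in hunk @@ -74 is introduced with no indication of what it carries, while the later hunks show it being issued with issue_session_token() on each form and verified with check_token_data() in the matching handler; a one-line comment at the declaration would spare the next reader that reconstruction, e.g. `# Session token embedded in each admin form; check_token_data() verifies it before any state-changing action below.` If check_token_data() does not itself reject an undefined value (its body is outside this diff), a request that omits the parameter should be rejected explicitly rather than relying on that helper's handling of undef.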
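Review bot: The event name passed to issue_session_token() in hunk @@ -128 (`'add_product'`) is repeated as a bare string literal in the check_token_data() call of hunk @@ -146, and the same pairing recurs for 'delete_product' (hunks @@ -339 and @@ -350), 'edit_product' (@@ -467 and @@ -737) and 'edit_group_controls' (@@ -481 and @@ -1022). A typo on either side of a pair would not be caught until every submission of that form is rejected at runtime. Declaring each name once, e.g. `use constant TOKEN_ADD_PRODUCT => 'add_product';` near the top of the file and using the constant at both the issue and check sites, keeps the two ends of each token from drifting apart.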
@@ -339,6 +344,7 @@ if ($action eq 'del') {
 }
 $vars->{'product'} = $product;
+ $vars->{'token'} = issue_session_token('delete_product');
 $template->process("admin/products/confirm-delete.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -350,6 +356,7 @@ if ($action eq 'del') {
 #
 if ($action eq 'delete') {
+ check_token_data($token, 'delete_product');
 # First make sure the product name is valid.
 my $product = Bugzilla::Product::check_product($product_name);
@@ -413,6 +420,8 @@ if ($action eq 'delete') {
 $dbh->bz_unlock_tables();
+ delete_token($token);
+
 $template->process("admin/products/deleted.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
 exit;
@@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) {
 }
 }
 $vars->{'group_controls'} = $group_controls;
- $vars->{'product'} = $product;
-
+ $vars->{'token'} = issue_session_token('edit_product');
+
 $template->process("admin/products/edit.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) {
 #
 if ($action eq 'updategroupcontrols') {
+ check_token_data($token, 'edit_group_controls');
 # First make sure the product name is valid.
 my $product = Bugzilla::Product::check_product($product_name);
@@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') {
 }
 $dbh->bz_unlock_tables();
- $vars->{'removed_na'} = \@removed_na;
+ delete_token($token);
+ $vars->{'removed_na'} = \@removed_na;
 $vars->{'added_mandatory'} = \@added_mandatory;
- $vars->{'product'} = $product;
 $template->process("admin/products/groupcontrol/updated.html.tmpl", $vars)
@@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') {
 # action='update' -> update the product
 #
 if ($action eq 'update') {
-
+ check_token_data($token, 'edit_product');
 my $product_old_name = trim($cgi->param('product_old_name') || '');
 my $description = trim($cgi->param('description') || '');
 my $disallownew = trim($cgi->param('disallownew') || '');
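Review bot: The token issued on the confirmation page (`issue_session_token('delete_product')`, hunk @@ -339) and verified at the top of the 'delete' action (`check_token_data($token, 'delete_product')`, hunk @@ -350) is keyed on the action name alone, while the product actually deleted is resolved from `$product_name`, i.e. the `product` CGI parameter, on the line after the check. If check_token_data() compares the stored event data exactly (its implementation is outside this diff), a token obtained for one product's confirmation page is accepted for whatever product name is submitted alongside it, so the token vouches for "the user confirmed some deletion" rather than "the user confirmed this deletion". Binding the event data to the object, `issue_session_token('delete_product:' . $product->name)` on the confirmation page and `check_token_data($token, 'delete_product:' . $product_name)` in the handler, ties the confirmation to the product it was shown for; the 'edit_product' and 'edit_group_controls' tokens (hunks @@ -467, @@ -481, @@ -737 and @@ -1022) could be scoped the same way.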
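Review bot: Hunk @@ -467 removes `$vars->{'product'} = $product;` before rendering admin/products/edit.html.tmpl, and hunk @@ -722 removes the same assignment before admin/products/groupcontrol/updated.html.tmpl, although neither removal is needed for the token change. The enclosing blocks start outside these hunks, so I cannot see whether `$vars->{'product'}` is set earlier in each of them; if it is not, both templates lose the product they render. Worth confirming against the full block, or keeping the two lines, since dropping them is unrelated to the security fix this commit makes.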
@@ -980,6 +990,7 @@ if ($action eq 'update') {
 $vars->{'confirmedbugs'} = \@updated_bugs;
 $vars->{'changer'} = $user->login;
 }
+ delete_token($token);
 $vars->{'old_product'} = $product_old;
 $vars->{'product'} = $product;
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') {
 $vars->{'product'} = $product;
 $vars->{'groups'} = $groups;
+ $vars->{'token'} = issue_session_token('edit_group_controls');
 $vars->{'const'} = {
 'CONTROLMAPNA' => CONTROLMAPNA,
--
cgit v1.2.3-24-g4f1b