From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 05:02:09 +0000
Subject: Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin r=mkanat a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 editversions.cgi | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'editversions.cgi')

diff --git a/editversions.cgi b/editversions.cgi
index 0941896a5..486756307 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -37,6 +37,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Product;
 use Bugzilla::Version;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -63,6 +64,7 @@ my $product_name = trim($cgi->param('product') || '');
 my $version_name = trim($cgi->param('version') || '');
 my $action = trim($cgi->param('action') || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of products
@@ -108,7 +110,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
-
+    $vars->{'token'} = issue_session_token('add_version');
     $vars->{'product'} = $product;
     $template->process("admin/versions/create.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -123,8 +125,9 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_version');
     my $version = Bugzilla::Version::create($version_name, $product);
+    delete_token($token);
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
 
@@ -149,6 +152,7 @@ if ($action eq 'del') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('delete_version');
     $template->process("admin/versions/confirm-delete.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 
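Review bot: The `add` branch now stores `issue_session_token('add_version')` in `$vars->{'token'}`, but the diffstat lists only editversions.cgi, so admin/versions/create.html.tmpl must already render that value as a hidden `token` form field or every submission will fail `check_token_data` in the `new` branch. The same dependency exists for the `del` hunk (confirm-delete.html.tmpl, `delete_version`) and the `edit` hunk (edit.html.tmpl, `edit_version`). If the template side lives in a separate commit, a sentence in the commit description naming it would make the coupling visible to whoever bisects a broken admin form later.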
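Review bot: In the `new` branch `delete_token($token)` runs only after `Bugzilla::Version::create` has returned, so a creation that throws leaves the token valid and the same form can be resubmitted; the `delete` and `update` hunks consume the token the same way, after `remove_from_db` and after `bz_unlock_tables`. That ordering looks deliberate, but nothing in the hunks says so, and a later cleanup could easily move `delete_token` up beside `check_token_data` and break the retry path. A one-line comment at the first `check_token_data` call would pin it down: `# The token is consumed only once the change has succeeded, so a failed attempt can be retried with the same form.`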
@@ -162,9 +166,10 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
-
+    check_token_data($token, 'delete_version');
     my $version = Bugzilla::Version::check_version($product, $version_name);
     $version->remove_from_db;
+    delete_token($token);
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
 
@@ -189,6 +194,7 @@ if ($action eq 'edit') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('edit_version');
     $template->process("admin/versions/edit.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 
@@ -203,7 +209,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_version');
     my $version_old_name = trim($cgi->param('versionold') || '');
     my $version = Bugzilla::Version::check_version($product, $version_old_name);
 
@@ -213,6 +219,7 @@ if ($action eq 'update') {
 
     $vars->{'updated'} = $version->update($version_name, $product);
     $dbh->bz_unlock_tables();
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
-- 
cgit v1.2.3-24-g4f1b