From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 05:02:09 +0000
Subject: Bug 281181: [SECURITY] It's way too easy to delete
 versions/components/milestones etc... - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r=mkanat a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 editversions.cgi | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'editversions.cgi')

diff --git a/editversions.cgi b/editversions.cgi
index 0941896a5..486756307 100755
--- a/editversions.cgi
+++ b/editversions.cgi
@@ -37,6 +37,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Product;
 use Bugzilla::Version;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -63,6 +64,7 @@ my $product_name = trim($cgi->param('product') || '');
 my $version_name = trim($cgi->param('version') || '');
 my $action       = trim($cgi->param('action')  || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token        = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of products
@@ -108,7 +110,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
-
+    $vars->{'token'} = issue_session_token('add_version');
     $vars->{'product'} = $product;
     $template->process("admin/versions/create.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -123,8 +125,9 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_version');
     my $version = Bugzilla::Version::create($version_name, $product);
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
@@ -149,6 +152,7 @@ if ($action eq 'del') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('delete_version');
     $template->process("admin/versions/confirm-delete.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 
@@ -162,9 +166,10 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
-
+    check_token_data($token, 'delete_version');
     my $version = Bugzilla::Version::check_version($product, $version_name);
     $version->remove_from_db;
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
@@ -189,6 +194,7 @@ if ($action eq 'edit') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('edit_version');
 
     $template->process("admin/versions/edit.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -203,7 +209,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_version');
     my $version_old_name = trim($cgi->param('versionold') || '');
     my $version =
         Bugzilla::Version::check_version($product, $version_old_name);
@@ -213,6 +219,7 @@ if ($action eq 'update') {
     $vars->{'updated'} = $version->update($version_name, $product);
 
     $dbh->bz_unlock_tables();
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
-- 
cgit v1.2.3-24-g4f1b