From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 05:02:09 +0000
Subject: Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin r=mkanat a=myk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 editwhines.cgi | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'editwhines.cgi')

diff --git a/editwhines.cgi b/editwhines.cgi
index 800c5385a..ba39b543d 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::Group;
+use Bugzilla::Token;
 
 # require the user to have logged in
 my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -49,7 +50,7 @@ my $vars = {};
 
 my $dbh = Bugzilla->dbh;
 my $userid = $user->id;
-
+my $token = $cgi->param('token');
 my $sth; # database statement handle
 
 # $events is a hash ref, keyed by event id, that stores the active user's
@@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
 # removed, then what was altered.
 if ($cgi->param('update')) {
 
+    check_token_data($token, 'edit_whine');
+
     if ($cgi->param("add_event")) {
         # we create a new event
         $sth = $dbh->prepare("INSERT INTO whine_events " .
@@ -349,6 +352,7 @@ if ($cgi->param('update')) {
             }
         }
     }
+    delete_token($token);
 }
 
 $vars->{'mail_others'} = $can_mail_others;
@@ -436,6 +440,7 @@ $vars->{'available_queries'} = [];
 while (my ($query) = $sth->fetchrow_array) {
     push @{$vars->{'available_queries'}}, $query;
 }
+$vars->{'token'} = issue_session_token('edit_whine');
 
 $template->process("whine/schedule.html.tmpl", $vars)
   || ThrowTemplateError($template->error());
-- 
cgit v1.2.3-24-g4f1b
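Review bot: The token check added in the third hunk (`check_token_data($token, 'edit_whine');`) guards only the `if ($cgi->param('update'))` branch, whose body begins in that hunk and ends at the `delete_token($token);` of the fourth hunk with most of it outside the diff, so it is worth confirming that no database write in this script lives outside that branch. The parameter read added in the second hunk has no explanation; I would annotate it `# anti-CSRF token, validated by check_token_data() before any change below` and the line added in the fifth hunk `# fresh token for the form about to be rendered`. Because the token is consumed only at the end of the update branch, an error thrown part-way through leaves it usable for a retry of the same form; that looks intentional but deserves a one-line comment next to `delete_token($token);`.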