From dc51769c9f7fb84ac2e43112f2d106a4770f5781 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 2 Feb 2009 18:33:29 +0000
Subject: Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from
 making bugzilla users submit changes to bugs - Patch by Frédéric Buclin
 <LpSolit@gmail.com> r=mkanat a=LpSolit
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 email_in.pl | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'email_in.pl')

diff --git a/email_in.pl b/email_in.pl
index bed5a1477..1edce55d8 100644
--- a/email_in.pl
+++ b/email_in.pl
@@ -47,6 +47,7 @@ use Bugzilla::Error;
 use Bugzilla::Mailer;
 use Bugzilla::User;
 use Bugzilla::Util;
+use Bugzilla::Token;
 
 #############
 # Constants #
@@ -201,6 +202,7 @@ sub process_bug {
         $cgi->param(-name => $field, -value => $fields{$field});
     }
     $cgi->param('longdesclength', scalar $bug->longdescs);
+    $cgi->param('token', issue_hash_token([$bug->id, $bug->delta_ts]));
 
     require 'process_bug.cgi';
 }
-- 
cgit v1.2.3-24-g4f1b