From 9cc89d34f79d1a326e5c792722163d5908a97c13 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Wed, 9 Mar 2016 22:12:31 -0500
Subject: Bug 1254227 - MozReview auth delegation allows sending out phishing mails via Bugzilla
---
 extensions/MozReview/Extension.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'extensions/MozReview')
diff --git a/extensions/MozReview/Extension.pm b/extensions/MozReview/Extension.pm
index 1969ade42..907f12e56 100644
--- a/extensions/MozReview/Extension.pm
+++ b/extensions/MozReview/Extension.pm
@@ -82,10 +82,12 @@ sub template_before_process {
 sub auth_delegation_confirm {
 my ($self, $args) = @_;
 my $mozreview_callback_url = Bugzilla->params->{mozreview_auth_callback_url};
+ my $mozreview_app_id = Bugzilla->params->{mozreview_app_id};
 return unless $mozreview_callback_url;
+ return unless $mozreview_app_id;
- if (index($args->{callback}, $mozreview_callback_url) == 0) {
+ if (index($args->{callback}, $mozreview_callback_url) == 0 && $args->{app_id} eq $mozreview_app_id) {
 ${$args->{skip_confirmation}} = 1;
 }
 }
-- cgit v1.2.3-24-g4f1b
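Review bot: The callback test in the new `if` is still a prefix match (`index(...) == 0`), so any callback that merely begins with the configured `mozreview_auth_callback_url` string remains eligible to skip the confirmation page; if that parameter does not end in a path separator, a longer host or path would pass this half of the condition. The added `app_id` comparison narrows this, but how `app_id` is derived is not visible in the hunk, so it is unclear whether it binds the full callback value. Where the deployment allows it, prefer an exact comparison such as `if ($args->{callback} eq $mozreview_callback_url && $args->{app_id} eq $mozreview_app_id) {`, or at least document that the parameter must end in `/`. `$args->{app_id}` may also be undefined when the request omits it, which would emit a warning under `use warnings`; `($args->{app_id} // '') eq $mozreview_app_id` keeps the check quiet and still fails closed.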