From e5b9aa6ef469adb5db2ff4b7575342bd79fd450a Mon Sep 17 00:00:00 2001
From: David Lawrence
Date: Tue, 1 Mar 2016 08:13:53 -0500
Subject: Bug 1252216 - Push extension configuration is vulnerable to CSRF and potentially code execution

---
 extensions/Push/lib/Admin.pm | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'extensions/Push/lib/Admin.pm')

diff --git a/extensions/Push/lib/Admin.pm b/extensions/Push/lib/Admin.pm
index f579409bd..e11415ea6 100644
--- a/extensions/Push/lib/Admin.pm
+++ b/extensions/Push/lib/Admin.pm
@@ -13,6 +13,7 @@ use warnings;
 use Bugzilla;
 use Bugzilla::Error;
 use Bugzilla::Extension::Push::Util;
+use Bugzilla::Token qw(check_hash_token delete_token);
 use Bugzilla::Util qw(trim detaint_natural trick_taint);
 use base qw(Exporter);
 
@@ -28,6 +29,9 @@ sub admin_config {
     my $input = Bugzilla->input_params;
 
     if ($input->{save}) {
+        my $token = $input->{token};
+        check_hash_token($token, ['push_config']);
+        delete_token($token);
         my $dbh = Bugzilla->dbh;
         $dbh->bz_start_transaction();
         _update_config_from_form('global', $push->config);
-- 
cgit v1.2.3-24-g4f1b
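Review bot: The server-side check added inside `if ($input->{save})` is only half of the CSRF fix — the admin template that renders the save form must now emit a hidden `token` field populated from `issue_hash_token(['push_config'])` with exactly that data list, and no template change is part of this diff, so as committed every legitimate save presumably fails the token check (fail-closed, but broken) until the template side lands. The `delete_token($token)` call after `check_hash_token` looks suspect: hash tokens in Bugzilla are, as far as I recall, derived from the session rather than stored in the tokens table, so deleting one is most likely a no-op; either drop the line or replace it with a comment such as `# Hash tokens are stateless; nothing to revoke after the check` — please confirm against Bugzilla::Token before doing either. Only the `save` branch is guarded here; if `admin_config` (whose body starts before this hunk and continues past it) services any other state-changing action, that action needs the same guard, since the commit message attributes potential code execution to unauthenticated config writes. Whichever way this goes, a one-line why-comment above the check, e.g. `# CSRF guard: the token must come from the push config form for this session`, would make the intent obvious to the next reader.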