From 92cb17e05cecb4093ee9e189347ba66b8844528a Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 22 Nov 2011 22:03:28 +0100
Subject: Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation r=mkanat a=LpSolit
---
 process_bug.cgi | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index dc5ad9138..bf18a45d3 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -376,6 +376,9 @@ foreach my $bug (@bug_objects) {
 $bug->send_changes($changes, $vars);
 }
 
+# Delete the session token used for the mass-change.
+delete_token($token) unless $cgi->param('id');
+
 if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
 # Do nothing.
 }
-- 
cgit v1.2.3-24-g4f1b
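Review bot: The added `delete_token($token) unless $cgi->param('id');` re-derives "this was a mass change" from the request parameter rather than from the branch that validated `$token`, which lies outside this hunk. If that earlier check treats edge values differently (an `id` of `0` or an empty string is false here), validation and deletion can disagree, so a mass-change token could survive for reuse or a token of another kind could be deleted. Recording the decision once where the token is checked and reusing it here, for example `delete_token($token) if $is_mass_change;` with an illustrative flag name, would keep the two in step. The token is also consumed only after every bug has been updated and its mail sent, so it presumably stays valid for a duplicate request arriving in that window; the comment could state why deletion is deferred to this point.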