From faac5e70ce92133773a2043619f9f23870beb14b Mon Sep 17 00:00:00 2001
From: Dave Lawrence
Date: Mon, 28 Nov 2011 11:38:31 -0500
Subject: Bug 704308 - CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
---
 process_bug.cgi | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'process_bug.cgi')
diff --git a/process_bug.cgi b/process_bug.cgi
index d44b9dda3..3d8b6bda2 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -391,6 +391,9 @@ foreach my $bug (@bug_objects) {
 $bug->send_changes($changes, $vars);
 }

+# Delete the session token used for the mass-change.
+delete_token($token) unless $cgi->param('id');
+
 if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) {
 # Do nothing.
 }
--
cgit v1.2.3-24-g4f1b
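Review bot: The `unless $cgi->param('id')` guard on the added `delete_token($token)` line must select exactly the requests whose token was validated as a stored session token, and that validation lies outside this hunk, so the pairing cannot be checked here. Confirm the earlier check uses the same truthiness test on `id`, since an `id` of `0` or an empty string takes the delete path. The comment should then record the reason, e.g. `# Mass-change tokens are stored server-side and single-use; requests with an id are validated separately and have no stored token to delete.`, with the second half adjusted to what the earlier check actually does. The token is also consumed only after the whole `send_changes` loop, so it stays valid while the first request is still running or if processing aborts before this line. If single use is meant as a hard guarantee rather than cleanup, consuming the token directly after validation would close that window.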