From 3004a5e322c3a95c7e51978b917f1547c382bac9 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 29 May 2012 07:52:31 -0700
Subject: Bug 754673 - CSRF vulnerability in query.cgi allows possible
 unauthorized use of "Set my default search back to the system default"
 [r=LpSolit a=LpSolit]

---
 query.cgi | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'query.cgi')

diff --git a/query.cgi b/query.cgi
index b3b9aa443..bfb79e52c 100755
--- a/query.cgi
+++ b/query.cgi
@@ -39,6 +39,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,8 @@ my $userid = $user->id;
 
 if ($cgi->param('nukedefaultquery')) {
     if ($userid) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['nukedefaultquery']);
         $dbh->do("DELETE FROM namedqueries" .
                  " WHERE userid = ? AND name = ?", 
                  undef, ($userid, DEFAULT_QUERY_NAME));
-- 
cgit v1.2.3-24-g4f1b