From f6c4abda55c83a53d32d5958cc9c81a602423c89 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Mon, 24 Jan 2011 18:04:59 +0100
Subject: Bug 621107: [SECURITY] Sanity checking lacks CSRF protection r=dkl a=LpSolit
---
 sanitycheck.cgi | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'sanitycheck.cgi')
diff --git a/sanitycheck.cgi b/sanitycheck.cgi
index a4f9832b0..6bf113b24 100755
--- a/sanitycheck.cgi
+++ b/sanitycheck.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Hook;
 use Bugzilla::Util;
 use Bugzilla::Status;
+use Bugzilla::Token;
 
 ###########################################################################
 # General subs
@@ -79,6 +80,15 @@ if (Bugzilla->usage_mode == USAGE_MODE_CMDLINE) {
 }
 else {
     $template = Bugzilla->template;
+
+    # Only check the token if we are running this script from the
+    # web browser and a parameter is passed to the script.
+    # XXX - Maybe these two parameters should be deleted once logged in?
+    $cgi->delete('GoAheadAndLogIn', 'Bugzilla_restrictlogin');
+    if (scalar($cgi->param())) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['sanitycheck']);
+    }
 }
 
 my $vars = {};
-- 
cgit v1.2.3-24-g4f1b
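Review bot: The gate `if (scalar($cgi->param()))` is fail-closed — any parameter that survives, known or not, now needs a valid token — but the `$cgi->delete('GoAheadAndLogIn', 'Bugzilla_restrictlogin')` in front of it is a denylist that must track every parameter the login flow can leave behind, which the XXX comment already admits is unsettled; if another login-flow parameter survives, the result is a spurious token error on a plain visit, not a bypass. The issuing side is not in this diff (the diffstat lists only sanitycheck.cgi), so whether the form embeds a token generated for the same `['sanitycheck']` data cannot be confirmed here, and a mismatch would reject every parameterized request rather than skip the check. I would replace the XXX comment with one that states the contract instead of the doubt: `# Any parameter left after stripping the login-flow ones means a repair action was requested, so it must carry a token issued for ['sanitycheck'].` `$cgi` and the enclosing if/else are declared before the hunk.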