    [SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST… · 23df77be
    justdave%bugzilla.org authored
    [SECURITY] Bug 252638: It is possible to send a carefully crafted HTTP POST message to process_bug.cgi which will remove keywords from a bug even if you don't have permissions to edit all bug fields (the "editbugs" permission).  Such changes are reported in "bug changed" email notifications, so they are easily detected and reversed if someone abuses it.
    Patch by Myk Melez <myk@mozilla.org>
    r=gerv, a=justdave
Name
Bugzilla
contrib
docs
images
js
skins/standard
t
template
.cvsignore
Bugzilla.pm
CGI.pl
QUICKSTART
README
UPGRADING
UPGRADING-pre-2.8
ant.jpg
attachment.cgi
buglist.cgi
bugzilla.dtd
chart.cgi
checksetup.pl
colchange.cgi
collectstats.pl
config.cgi
createaccount.cgi
defparams.pl
describecomponents.cgi
describekeywords.cgi
doeditparams.cgi
duplicates.cgi
duplicates.xul
editclassifications.cgi
editcomponents.cgi
editflagtypes.cgi
editgroups.cgi
editkeywords.cgi
editmilestones.cgi
editparams.cgi
editproducts.cgi
editusers.cgi
editversions.cgi
editwhines.cgi
enter_bug.cgi
globals.pl
importxml.pl
index.cgi
localconfig.js
long_list.cgi
move.pl
page.cgi
post_bug.cgi
process_bug.cgi
productmenu.js
query.cgi
queryhelp.cgi
quicksearch.html
quicksearch.js
quicksearchhack.html
quips.cgi
relogin.cgi
report.cgi
reports.cgi
request.cgi
robots.txt
runtests.pl
runtests.sh
sanitycheck.cgi
show_activity.cgi
show_bug.cgi
showattachment.cgi
showdependencygraph.cgi
showdependencytree.cgi
sidebar.cgi
testagent.cgi
testserver.pl
token.cgi
userprefs.cgi
votes.cgi
whine.pl
whineatnews.pl
xml.cgi