Commit 038df43c authored by Reed Loden's avatar Reed Loden

Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized…

Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options [r=LpSolit a=LpSolit]
parent 9245e5ca
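--- a/buglist.cgi
+++ b/buglist.cgi
@@ -434,6 +434,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
 if ($cgi->param('remtype') eq "asdefault") {
 $user = Bugzilla->login(LOGIN_REQUIRED);
+my $token = $cgi->param('token');
+check_hash_token($token, ['searchknob']);
 InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
 $vars->{'message'} = "buglist_new_default_query";
 }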
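Review bot: The new `check_hash_token` call has no comment saying why it sits after `Bugzilla->login(LOGIN_REQUIRED)` and why only the `asdefault` branch is guarded; the template change in this same commit issues the token only under `[% IF user.id %]`, so the ordering is deliberate and worth recording for the next maintainer. Suggest `# Anti-CSRF check (bug 754672): the search form only issues a token to logged-in users, hence the login call first.` directly above the `my $token` line. One consequence to confirm: a user whose session expires between rendering the form and submitting will be asked to log in and then fail the token check rather than have the default saved, which is presumably acceptable but should have a clear error path. The `elsif` chain this branch belongs to starts before the hunk.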
...@@ -23,6 +23,9 @@ ...@@ -23,6 +23,9 @@
"Last Changed" => "Last Changed" } %] "Last Changed" => "Last Changed" } %]
<input type="hidden" name="cmdtype" value="doit"> <input type="hidden" name="cmdtype" value="doit">
[% IF user.id %]
<input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
[% END %]
<p> <p>
<label for="order">Sort results by</label>: <label for="order">Sort results by</label>:
...@@ -39,7 +42,7 @@ ...@@ -39,7 +42,7 @@
<input type="submit" id="[% button_name FILTER html %]" <input type="submit" id="[% button_name FILTER html %]"
value="[% button_name FILTER html %]"> value="[% button_name FILTER html %]">
[% IF known_name %] [% IF known_name %]
[%# We store known_name in case the user add a boolean chart. %] [%# We store known_name in case the user adds a boolean chart. %]
<input type="hidden" name="known_name" value="[% known_name FILTER html %]"> <input type="hidden" name="known_name" value="[% known_name FILTER html %]">
[%# The name of the existing query will be passed to buglist.cgi. %] [%# The name of the existing query will be passed to buglist.cgi. %]
...@@ -51,14 +54,16 @@ ...@@ -51,14 +54,16 @@
[% END %] [% END %]
</p> </p>
<p> [% IF user.id %]
&nbsp;&nbsp;&nbsp; <p>
<input type="checkbox" id="remasdefault" &nbsp;&nbsp;&nbsp;
name="remtype" value="asdefault"> <input type="checkbox" id="remasdefault"
<label for="remasdefault"> name="remtype" value="asdefault">
and remember these as my default search options <label for="remasdefault">
</label> and remember these as my default search options
</p> </label>
</p>
[% END %]
[% IF userdefaultquery %] [% IF userdefaultquery %]
<p> <p>
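Review bot: The hidden token input in the first hunk and the `[% IF user.id %]` guard around the remember-as-default checkbox in the third hunk depend on each other — change either guard alone and logged-in users either submit without a token or see a checkbox whose request buglist.cgi will reject — yet nothing in the template says so. Suggest a comment above the hidden input, `[%# Only logged-in users get the token; keep in sync with the IF user.id block around the remtype checkbox below. %]`. Passing the token value through `FILTER html` is the right treatment for an attribute value. The first and third hunks each show fewer lines than their headers count, so the surrounding markup was not fully visible here.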