Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of…

Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default" [r=LpSolit a=LpSolit]

Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of…
19b51489 · Reed Loden · a196f9ce · 19b51489 · 19b51489
Commit 19b51489 authored May 29, 2012 by Reed Loden
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

query.cgi query.cgi +3 -0

knob.html.tmpl template/en/default/search/knob.html.tmpl +2 -1

No files found.
--- a/query.cgi
+++ b/query.cgi
@@ -20,6 +20,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
 ###############
 # Subroutines #
@@ -72,6 +73,8 @@ my $userid = $user->id;
 if ($cgi->param('nukedefaultquery')) {
    if ($userid) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['nukedefaultquery']);
        $dbh->do("DELETE FROM namedqueries" .
                 " WHERE userid = ? AND name = ?", 
                 undef, ($userid, DEFAULT_QUERY_NAME));

--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -62,7 +62,8 @@
 [% IF userdefaultquery %]
  <p>
-    <a href="query.cgi?nukedefaultquery=1">
+    <a href="query.cgi?nukedefaultquery=1&amp;token=
+       [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]">
      Set my default search back to the system default</a>.
  </p>
 [% END %]