    justdave%syndicomm.com authored
    SECURITY FIX see bug 108385: Due to trusting of passed form fields that shouldn't have been trusted, it was possible to add a comment to a bug pretending to be someone else if you edited the HTML by hand before submitting.  The bug form did not include the field in question, but due to legacy processing code, the field was still trusted if it was present.
    Patch by Dave Miller <justdave@syndicomm.com>
    r= jake x2
    f12ad394
Name
Bugzilla
contrib
docs
t
template/default
.cvsignore
1x1.gif
Attachment.pm
Bug.pm
CGI.pl
README
RelationSet.pm
Token.pm
UPGRADING
UPGRADING-pre-2.8
ant.jpg
attachment.cgi
booleanchart.html
bug_form.pl
bug_status.html
buglist.cgi
bugwritinghelp.html
bugzilla.dtd
changepassword.cgi
checksetup.pl
colchange.cgi
collectstats.pl
confirmhelp.html
createaccount.cgi
createattachment.cgi
defparams.pl
describecomponents.cgi
describekeywords.cgi
doeditparams.cgi
doeditvotes.cgi
duplicates.cgi
editattachstatuses.cgi
editcomponents.cgi
editgroups.cgi
editkeywords.cgi
editmilestones.cgi
editparams.cgi
editproducts.cgi
editusers.cgi
editversions.cgi
enter_bug.cgi
globals.pl
help.html
helpemailquery.html
how_to_mail.html
importxml.pl
index.html
localconfig.js
long_list.cgi
move.pl
new_comment.cgi
notargetmilestone.html
post_bug.cgi
process_bug.cgi
processmail
query.cgi
queryhelp.cgi
quicksearch.html
quicksearch.js
quicksearchhack.html
quips.cgi
relogin.cgi
reports.cgi
robots.txt
runtests.sh
sanitycheck.cgi
show_activity.cgi
show_bug.cgi
showattachment.cgi
showdependencygraph.cgi
showdependencytree.cgi
showvotes.cgi
syncshadowdb
token.cgi
userprefs.cgi
votehelp.html
whineatnews.pl
xml.cgi