author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:28:07 +0100 |
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:28:07 +0100 |
commit | b43bddbb34db261e48f011cfb408707798b66212 (patch) | |
tree | 70141c492fbb1806a53c42fcc0a527078b4bb74d | |
parent | Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection (diff) | |
Bug 621110: [SECURITY] Quips (adding/approving/deleting) lacks CSRF protection
r=dkl a=LpSolit
-rwxr-xr-x | quips.cgi | 7 | ||||
-rw-r--r-- | template/en/default/list/quips.html.tmpl | 7 |
2 files changed, 12 insertions, 2 deletions
@@ -32,6 +32,7 @@ use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
+use Bugzilla::Token;
 my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -41,6 +42,7 @@ my $template = Bugzilla->template;
 my $vars = {};
 my $action = $cgi->param('action') || "";
+my $token = $cgi->param('token');
 if ($action eq "show") {
     # Read in the entire quip list
@@ -74,6 +76,7 @@ if ($action eq "add") {
     (Bugzilla->params->{'quip_list_entry_control'} eq "closed") &&
         ThrowUserError("no_new_quips");
+    check_hash_token($token, ['create-quips']);
     # Add the quip
     my $approved = (Bugzilla->params->{'quip_list_entry_control'} eq "open")
                    || Bugzilla->user->in_group('admin') || 0;
@@ -92,7 +95,8 @@ if ($action eq 'approve') {
       || ThrowUserError("auth_failure", {group => "admin", action => "approve", object => "quips"});
-    
+
+    check_hash_token($token, ['approve-quips']);
     # Read in the entire quip list
     my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips");
@@ -134,6 +138,7 @@ if ($action eq "delete") {
     my $quipid = $cgi->param("quipid");
     ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/;
     $quipid = $1;
+    check_hash_token($token, ['quips', $quipid]);
     ($vars->{'deleted_quip'}) = $dbh->selectrow_array(
                         "SELECT quip FROM quips WHERE quipid = ?",
diff --git a/template/en/default/list/quips.html.tmpl b/template/en/default/list/quips.html.tmpl
index 1404b2e35..b330596c7 100644
--- a/template/en/default/list/quips.html.tmpl
+++ b/template/en/default/list/quips.html.tmpl
@@ -73,6 +73,8 @@
   <form method="post" action="quips.cgi">
     <input type="hidden" name="action" value="add">
+    <input type="hidden" name="token"
+           value="[% issue_hash_token(['create-quips']) FILTER html %]">
     <input size="80" name="quip">
     <p>
       <input type="submit" id="add" value="Add This Quip">
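Review bot: In the `delete` hunk the new `check_hash_token($token, ['quips', $quipid])` binds the token to the value extracted by `$quipid =~ /(\d+)/`, which is unanchored, so `quipid=7abc` validates against a token issued for quip 7; that is consistent with the `$quipid = $1` the SQL below uses, so it is not a bypass, but anchoring it as `ThrowCodeError("need_quipid") unless $quipid =~ /\A(\d+)\z/;` would make the token binding exact instead of first-digit-run based. The regex itself predates this commit. The `if ($action eq "delete")` block, including the deletion itself, continues past the end of the hunk, so I cannot see whether anything between the token check and the DELETE reads the raw parameter again.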
@@ -103,6 +105,8 @@
   </p>
   <form name="editform" method="post" action="quips.cgi">
     <input type="hidden" name="action" value="approve">
+    <input type="hidden" name="token"
+           value="[% issue_hash_token(['approve-quips']) FILTER html %]">
     <table border="1">
       <thead><tr>
         <th>Quip</th>
@@ -119,7 +123,8 @@
           [% "Unknown" IF NOT users.$userid %]
         </td>
         <td>
-          <a href="quips.cgi?action=delete&quipid=[% quipid FILTER url_quote %]">
+          <a href="quips.cgi?action=delete&quipid=[% quipid FILTER url_quote %]&token=
+          [%- issue_hash_token(['quips', quipid]) FILTER url_quote %]">
             Delete
           </a>
         </td>
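Review bot: In the last hunk the delete token is carried in the `href` query string, so unlike the two hidden-field tokens above it will land in browser history, server and proxy logs, and the `Referer` header of any off-site link followed from the resulting page; Bugzilla's hash tokens appear to be user-bound and, I believe, time-limited, which bounds the exposure, but it is still a weaker channel than a POST body. A per-row form is not an option here because this cell sits inside the `editform` form opened in the previous hunk, and nested forms are invalid HTML. One way to keep the token out of the URL without restructuring the table is to let the link carry only `action=delete&quipid=...`, have quips.cgi answer with a confirmation page, and put `issue_hash_token(['quips', quipid])` in that page's POST form. Also, the bare `&` in the href should be `&amp;` for valid HTML, though that predates this commit.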