diff options
| author |   lpsolit%gmail.com <> | 2009-02-02 18:33:29 +0000 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2009-02-02 18:33:29 +0000 |
| commit | dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch) | |
| tree | 2e33c5042d7608871c661a843c3c991da07693d7 /email_in.pl | |
| parent | Bug 38862: [SECURITY] attachments should be at a different hostname - Patch b... (diff) | |
| download | bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.bz2 bugzilla-dc51769c9f7fb84ac2e43112f2d106a4770f5781.zip | |
Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'email_in.pl')
| -rw-r--r-- | email_in.pl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/email_in.pl b/email_in.pl index bed5a1477..1edce55d8 100644 --- a/email_in.pl +++ b/email_in.pl @@ -47,6 +47,7 @@ use Bugzilla::Error; use Bugzilla::Mailer; use Bugzilla::User; use Bugzilla::Util; +use Bugzilla::Token; ############# # Constants # @@ -201,6 +202,7 @@ sub process_bug { $cgi->param(-name => $field, -value => $fields{$field}); } $cgi->param('longdesclength', scalar $bug->longdescs); + $cgi->param('token', issue_hash_token([$bug->id, $bug->delta_ts])); require 'process_bug.cgi'; } |