Bug 1424408 - "Sign in with GitHub" button triggers a bugzilla security error, if...

author Dylan William Hardison <dylan@hardison.net>

Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)

committer GitHub <noreply@github.com>

Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)
author Dylan William Hardison <dylan@hardison.net>
Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)
committer GitHub <noreply@github.com>
Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)
diff --git a/github.cgi b/github.cgi

index acb02d4669caf9ed7647a90839623af9d35c1c68..b8467e1e03fdd89a33ebad08df339147eac34455 100755 (executable)
--- a/github.cgi
+++ b/github.cgi
@@ -44,7 +44,7 @@ if (lc($cgi->request_method) eq 'post') {
        unless $target_uri =~ /^\Q$urlbase\E/;
  
      ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
-      if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+      if $cgi->referer && $cgi->referer =~ /(?:reset_password\.cgi|token\.cgi|\bt=|token=|api_key=)/;
  
      if ($user->id) {
          print $cgi->redirect($target_uri);
diff --git a/qa/t/test_custom_fields.t b/qa/t/test_custom_fields.t

index 70ffe876a9494e139b94717e8574ce6872c0bdd0..bd207458570057826fa4b40991f9aa4fe82960dd 100644 (file)
--- a/qa/t/test_custom_fields.t
+++ b/qa/t/test_custom_fields.t
@@ -56,7 +56,7 @@ $sel->type_ok("sortkey", $bug1_id);
  $sel->click_ok("enter_bug");
  $sel->value_is("enter_bug", "on");
  $sel->click_ok("new_bugmail");
-sleep 5;
+sleep 10;
  $sel->value_is("new_bugmail", "on");
  $sel->value_is("obsolete", "off");
  $sel->click_ok("create");
author	Dylan William Hardison <dylan@hardison.net>
	Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)
committer	GitHub <noreply@github.com>
	Thu, 21 Dec 2017 03:14:08 +0000 (22:14 -0500)
github.cgi		patch \| blob \| blame \| history
qa/t/test_custom_fields.t		patch \| blob \| blame \| history