From: Reed Loden
Date: Tue, 29 May 2012 15:22:31 +0000 (-0700)
Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting...
X-Git-Tag: bugzilla-4.3.2~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=038df43c5a3d51bd66772a7df7e6403eebe1b913;p=thirdparty%2Fbugzilla.git

Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options [r=LpSolit a=LpSolit]
---
diff --git a/buglist.cgi b/buglist.cgi
index f0e7784649..f7498483a2 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -434,6 +434,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
 if ($cgi->param('remtype') eq "asdefault") {
 $user = Bugzilla->login(LOGIN_REQUIRED);
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['searchknob']);
 InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
 $vars->{'message'} = "buglist_new_default_query";
 }
diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index 723825a3c2..e9e3daaf12 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -23,6 +23,9 @@ "Last Changed" => "Last Changed" } %] +[% IF user.id %] + +[% END %]
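Review bot: The added `my $token = $cgi->param('token');` temporary looks like a one-use indirection but is load-bearing and deserves a comment: the scalar assignment forces scalar context, whereas passing `$cgi->param('token')` straight into the argument list would, when the parameter is absent, return an empty list and shift `['searchknob']` into the token position. Suggested comment above the added line: `# Keep the scalar assignment: param() in list context returns () for a missing token and would shift the arguments.` The sibling `asnamed` branch of the same `elsif`, which also writes a named query for the logged-in user, is outside the hunk, so it is worth confirming it carries an equivalent `check_hash_token` call. Since the matching hidden token field in knob.html.tmpl is emitted only under `[% IF user.id %]`, a logged-out submission that is pushed through `LOGIN_REQUIRED` will arrive here without a token; the outcome then depends on how `check_hash_token` reports a missing token, which is not visible in this hunk. The enclosing `elsif` block starts and ends outside the hunk.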

: @@ -39,7 +42,7 @@ [% IF known_name %]
- [%# We store known_name in case the user add a boolean chart. %]
+ [%# We store known_name in case the user adds a boolean chart. %]
 [%# The name of the existing query will be passed to buglist.cgi. %]
@@ -51,14 +54,16 @@ [% END %]

-

-     - - -

+[% IF user.id %] +

+     + + +

+[% END %] [% IF userdefaultquery %]