From: David Lawrence
Date: Mon, 24 Jan 2011 19:13:43 +0000 (-0500)
Subject: Bug 621105 - [SECURITY] Voting lacks CSRF protection
X-Git-Tag: bugzilla-3.2.10~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3369b0ce25922b220e75125d528b8e0abc5a0ea8;p=thirdparty%2Fbugzilla.git
Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit
---
diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm
index 8857b7521c..9ea73ede4b 100644
--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -251,7 +251,7 @@ EOT
 elsif (defined @$glob) {
 $localconfig{$var} = \@$glob;
 }
- elsif (defined %$glob) {
+ elsif (%$glob) {
 $localconfig{$var} = \%$glob;
 }
 }
diff --git a/template/en/default/bug/votes/delete-all.html.tmpl b/template/en/default/bug/votes/delete-all.html.tmpl
index 41b75123dd..f6382b6d34 100644
--- a/template/en/default/bug/votes/delete-all.html.tmpl
+++ b/template/en/default/bug/votes/delete-all.html.tmpl
@@ -35,6 +35,7 @@
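Review bot: The context line directly above the change, `elsif (defined @$glob) {`, uses the same `defined`-on-an-aggregate construct that this hunk drops for the hash, so if the change is meant to silence the deprecation warning newer Perls emit for `defined %hash`, the array branch still triggers it; `elsif (@$glob) {` would bring it in line. Note also that `%$glob` in boolean context is true only when the hash is non-empty, whereas `defined %$glob` could be true for a used-but-empty hash, so an empty hash declared in localconfig is no longer copied into `%localconfig` — probably harmless, but it is a behaviour change the commit message does not mention. The enclosing sub starts and ends outside this hunk.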
+

Yes, delete all my votes
diff --git a/template/en/default/bug/votes/list-for-user.html.tmpl b/template/en/default/bug/votes/list-for-user.html.tmpl
index 50dff7d5ea..9629b8e586 100644
--- a/template/en/default/bug/votes/list-for-user.html.tmpl
+++ b/template/en/default/bug/votes/list-for-user.html.tmpl
@@ -74,6 +74,7 @@ [% IF products.size %] +
diff --git a/votes.cgi b/votes.cgi
index fb6b72a873..033cf249e4 100755
--- a/votes.cgi
+++ b/votes.cgi
@@ -34,6 +34,7 @@ use Bugzilla::Error;
 use Bugzilla::Bug;
 use Bugzilla::User;
 use Bugzilla::Product;
+use Bugzilla::Token;
 use List::Util qw(min);
@@ -257,6 +258,9 @@ sub record_votes {
 || ThrowUserError("votes_must_be_nonnegative");
 }
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['vote']);
+
 ############################################################################
 # End Data/Security Validation
 ############################################################################
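Review bot: The new `check_hash_token($token, ['vote'])` is the last step of the Data/Security Validation section, after the per-bug vote-count loop that throws `votes_must_be_nonnegative`, so a forged cross-site request is still fully parsed and can exercise every earlier check on attacker-chosen parameters before the token is looked at; placing the two added lines at the start of that section (above this hunk) rejects the request before any vote parameter is interpreted, and a why-comment such as `# Reject cross-site forged requests before acting on any vote parameter (bug 621105).` would explain the placement. The patch adds `use Bugzilla::Token;` but does not touch Bugzilla/Token.pm, so `check_hash_token` and the matching `issue_hash_token` the templates must call are presumably already present on this 3.2 branch — worth confirming, since the token check is the whole fix. `record_votes` starts outside this hunk, so whether the user is already authenticated at this point cannot be seen here.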