From: Dylan William Hardison
Date: Thu, 21 Dec 2017 03:14:08 +0000 (-0500)
Subject: Bug 1424408 - "Sign in with GitHub" button triggers a bugzilla security error, if...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=602af2ba4d6b98379a85bfa429132dbccf5851ea;p=thirdparty%2Fbugzilla.git
Bug 1424408 - "Sign in with GitHub" button triggers a bugzilla security error, if I'm viewing a page with e.g. "t=" in the URL
---
diff --git a/github.cgi b/github.cgi
index acb02d466..b8467e1e0 100755
--- a/github.cgi
+++ b/github.cgi
@@ -44,7 +44,7 @@ if (lc($cgi->request_method) eq 'post') {
 unless $target_uri =~ /^\Q$urlbase\E/;
 ThrowCodeError("github_insecure_referer", { target_uri => $target_uri })
- if $cgi->referer && $cgi->referer =~ /(reset_password\.cgi|token\.cgi|t=|token=|api_key=)/;
+ if $cgi->referer && $cgi->referer =~ /(?:reset_password\.cgi|token\.cgi|\bt=|token=|api_key=)/;
 if ($user->id) {
 print $cgi->redirect($target_uri);
diff --git a/qa/t/test_custom_fields.t b/qa/t/test_custom_fields.t
index 70ffe876a..bd2074585 100644
--- a/qa/t/test_custom_fields.t
+++ b/qa/t/test_custom_fields.t
@@ -56,7 +56,7 @@ $sel->type_ok("sortkey", $bug1_id);
 $sel->click_ok("enter_bug");
 $sel->value_is("enter_bug", "on");
 $sel->click_ok("new_bugmail");
-sleep 5;
+sleep 10;
 $sel->value_is("new_bugmail", "on");
 $sel->value_is("obsolete", "off");
 $sel->click_ok("create");
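Review bot: In the new referer pattern in github.cgi, `\bt=` is a word-boundary match over the whole Referer string rather than a match on a query parameter named `t`, so it still fires on `t=` after any punctuation (a path segment, or inside another parameter's value) and the false positive this commit fixes can recur in another form. If the intent is the parameter name, anchoring on the delimiter says so: `[?&;]t=` in place of `\bt=`; keep `token=` and `api_key=` unanchored and add a comment such as `# substring match on purpose: also rejects prefixed names like Bugzilla_token / Bugzilla_api_key`. The filter is applied only to `$cgi->referer`, while the value reported and later redirected to is `$target_uri`; if the two can differ (not visible in this hunk), the same pattern should be tested against `$target_uri` as well. The enclosing `if (lc($cgi->request_method) eq 'post') {` block starts before and ends after the hunk.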