From: David Lawrence Date: Mon, 24 Jan 2011 19:33:04 +0000 (-0500) Subject: Bug 621105 - [SECURITY] Voting lacks CSRF protection X-Git-Tag: bugzilla-4.0rc2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6914f78823084363f804e369d1d81953c62bdef1;p=thirdparty%2Fbugzilla.git Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit
---
diff --git a/extensions/Voting/Extension.pm b/extensions/Voting/Extension.pm
index d94ff84300..8417e0ec35 100644
--- a/extensions/Voting/Extension.pm
+++ b/extensions/Voting/Extension.pm
@@ -36,6 +36,7 @@ use Bugzilla::Field;
 use Bugzilla::Mailer;
 use Bugzilla::User;
 use Bugzilla::Util qw(detaint_natural);
+use Bugzilla::Token;
 use List::Util qw(min);
@@ -529,6 +530,9 @@ sub _update_votes {
 || ThrowUserError("voting_must_be_nonnegative");
 }
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['vote']);
+
 ############################################################################
 # End Data/Security Validation
 ############################################################################
diff --git a/extensions/Voting/template/en/default/pages/voting/user.html.tmpl b/extensions/Voting/template/en/default/pages/voting/user.html.tmpl
index 8000792243..c2ee2ae7af 100644
--- a/extensions/Voting/template/en/default/pages/voting/user.html.tmpl
+++ b/extensions/Voting/template/en/default/pages/voting/user.html.tmpl
@@ -74,6 +74,7 @@ [% IF products.size %]
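Review bot: The new `check_hash_token($token, ['vote'])` call sits at the very end of the validation section, after the per-field loop that already parses every submitted vote value and can throw `voting_must_be_nonnegative`, so a cross-site request gets its parameters interpreted and may be answered with a data error before its token is ever examined; moving the two added lines to the top of the Data/Security Validation block would make the CSRF check the first gate the request meets and keep the response independent of the forged values. `$token` is undef when the parameter is absent, so the guard relies on `check_hash_token` treating an undefined token as a mismatch rather than merely warning on the comparison — worth confirming in Bugzilla::Token, which this hunk does not show. Keeping the separate `my $token` assignment instead of passing `$cgi->param('token')` inside the argument list is right, since `param` in list context could inject extra arguments; a short why-comment above the call would preserve that intent: `# CSRF guard: the token must match the hash token the voting form issued for ['vote']; no votes are changed until this passes.` `_update_votes` begins before this hunk and continues after it.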
+ diff --git a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl index 82ddc35961..f0d3b7e137 100644 --- a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl +++ b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl @@ -35,6 +35,7 @@ +

Yes, delete all my votes