From: Reed Loden Date: Tue, 29 May 2012 15:23:18 +0000 (-0700) Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting... X-Git-Tag: bugzilla-4.2.2~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b9b50db744c603dbfa0c7ae5aac8dca4e58b0cd;p=thirdparty%2Fbugzilla.git Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options [r=LpSolit a=LpSolit] --- diff --git a/buglist.cgi b/buglist.cgi index d4ddfbd631..fcd2689596 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -461,6 +461,8 @@ if ($cmdtype eq "dorem") { elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) { if ($cgi->param('remtype') eq "asdefault") { $user = Bugzilla->login(LOGIN_REQUIRED); + my $token = $cgi->param('token'); + check_hash_token($token, ['searchknob']); InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer); $vars->{'message'} = "buglist_new_default_query"; } diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl index a50f6bd326..e20822bf57 100644 --- a/template/en/default/search/knob.html.tmpl +++ b/template/en/default/search/knob.html.tmpl @@ -40,6 +40,9 @@ "Last Changed" => "Last Changed" } %] +[% IF user.id %] + +[% END %]

: @@ -56,7 +59,7 @@ [% IF known_name %] - [%# We store known_name in case the user add a boolean chart. %] + [%# We store known_name in case the user adds a boolean chart. %] [%# The name of the existing query will be passed to buglist.cgi. %] @@ -68,14 +71,16 @@ [% END %]

-

-     - - -

+[% IF user.id %] +

+     + + +

+[% END %] [% IF userdefaultquery %]