From: Frédéric Buclin Date: Mon, 24 Jan 2011 17:14:08 +0000 (+0100) Subject: Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection X-Git-Tag: bugzilla-4.0rc2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ff5293303b0511b54426e4e85a8f71816f301ab;p=thirdparty%2Fbugzilla.git Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection r=dkl a=LpSolit --- diff --git a/chart.cgi b/chart.cgi index 12ef8d8345..a04cde0682 100755 --- a/chart.cgi +++ b/chart.cgi @@ -146,6 +146,8 @@ elsif ($action eq "wrap") { } elsif ($action eq "create") { assertCanCreate($cgi); + my $token = $cgi->param('token'); + check_hash_token($token, ['create-series']); my $series = new Bugzilla::Series($cgi); @@ -164,9 +166,11 @@ elsif ($action eq "edit") { edit($series); } elsif ($action eq "alter") { - assertCanEdit($series_id); + my $series = assertCanEdit($series_id); + my $token = $cgi->param('token'); + check_hash_token($token, [$series->id, $series->name]); # XXX - This should be replaced by $series->set_foo() methods. - my $series = new Bugzilla::Series($cgi); + $series = new Bugzilla::Series($cgi); # We need to check if there is _another_ series in the database with # our (potentially new) name. So we call existsInDatabase() to see if diff --git a/template/en/default/reports/edit-series.html.tmpl b/template/en/default/reports/edit-series.html.tmpl index 214bbcd75b..527a84f0a4 100644 --- a/template/en/default/reports/edit-series.html.tmpl +++ b/template/en/default/reports/edit-series.html.tmpl @@ -40,6 +40,8 @@ [% PROCESS reports/series.html.tmpl button_name = "Change Data Set" %] + [% IF default.series_id %] diff --git a/template/en/default/search/search-create-series.html.tmpl b/template/en/default/search/search-create-series.html.tmpl index 2aa5224c45..468324abd3 100644 --- a/template/en/default/search/search-create-series.html.tmpl +++ b/template/en/default/search/search-create-series.html.tmpl @@ -54,6 +54,7 @@ [% PROCESS reports/series.html.tmpl button_name = "Create Data Set" %] +