From: David Lawrence Date: Mon, 24 Jan 2011 19:22:37 +0000 (-0500) Subject: Bug 621105 - [SECURITY] Voting lacks CSRF protection X-Git-Tag: bugzilla-3.6.4~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4f42fc36553267678d9ee607e6449d3ac6949a5;p=thirdparty%2Fbugzilla.git Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit --- diff --git a/template/en/default/bug/votes/delete-all.html.tmpl b/template/en/default/bug/votes/delete-all.html.tmpl index 41b75123dd..f6382b6d34 100644 --- a/template/en/default/bug/votes/delete-all.html.tmpl +++ b/template/en/default/bug/votes/delete-all.html.tmpl @@ -35,6 +35,7 @@
+

Yes, delete all my votes diff --git a/template/en/default/bug/votes/list-for-user.html.tmpl b/template/en/default/bug/votes/list-for-user.html.tmpl index 2f97616ed6..f478fa02ff 100644 --- a/template/en/default/bug/votes/list-for-user.html.tmpl +++ b/template/en/default/bug/votes/list-for-user.html.tmpl @@ -74,6 +74,7 @@ [% IF products.size %] + diff --git a/votes.cgi b/votes.cgi index b77a7a4f38..e4eb3b0385 100755 --- a/votes.cgi +++ b/votes.cgi @@ -35,6 +35,7 @@ use Bugzilla::Bug; use Bugzilla::BugMail; use Bugzilla::User; use Bugzilla::Product; +use Bugzilla::Token; use List::Util qw(min); @@ -264,6 +265,9 @@ sub record_votes { || ThrowUserError("votes_must_be_nonnegative"); } + my $token = $cgi->param('token'); + check_hash_token($token, ['vote']); + ############################################################################ # End Data/Security Validation ############################################################################