From: David Lawrence Date: Mon, 24 Jan 2011 19:20:21 +0000 (-0500) Subject: Bug 621105 - [SECURITY] Voting lacks CSRF protection X-Git-Tag: bugzilla-3.4.10~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccf9cb518c2a841d50e115ee2a76d1cc6b44669a;p=thirdparty%2Fbugzilla.git Bug 621105 - [SECURITY] Voting lacks CSRF protection r=mkanat,a=LpSolit --- diff --git a/template/en/default/bug/votes/delete-all.html.tmpl b/template/en/default/bug/votes/delete-all.html.tmpl index 41b75123dd..f6382b6d34 100644 --- a/template/en/default/bug/votes/delete-all.html.tmpl +++ b/template/en/default/bug/votes/delete-all.html.tmpl @@ -35,6 +35,7 @@
+

Yes, delete all my votes diff --git a/template/en/default/bug/votes/list-for-user.html.tmpl b/template/en/default/bug/votes/list-for-user.html.tmpl index 50dff7d5ea..9629b8e586 100644 --- a/template/en/default/bug/votes/list-for-user.html.tmpl +++ b/template/en/default/bug/votes/list-for-user.html.tmpl @@ -74,6 +74,7 @@ [% IF products.size %] + diff --git a/votes.cgi b/votes.cgi index 1c72431c45..de0cc0a48e 100755 --- a/votes.cgi +++ b/votes.cgi @@ -34,6 +34,7 @@ use Bugzilla::Error; use Bugzilla::Bug; use Bugzilla::User; use Bugzilla::Product; +use Bugzilla::Token; use List::Util qw(min); @@ -263,6 +264,9 @@ sub record_votes { || ThrowUserError("votes_must_be_nonnegative"); } + my $token = $cgi->param('token'); + check_hash_token($token, ['vote']); + ############################################################################ # End Data/Security Validation ############################################################################