From: mkanat%kerio.com <>
Date: Thu, 12 May 2005 08:54:08 +0000 (+0000)
Subject: Bug 287436: [SECURITY] After having logged in, links to change the report type contai...
X-Git-Tag: bugzilla-2.18.1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce59c6525d670d6f9cc6a580f4453d53cd8d7de4;p=thirdparty%2Fbugzilla.git
Bug 287436: [SECURITY] After having logged in, links to change the report type contain username and password Patch By Marc Schumann r=gerv, a=justdave
---
diff --git a/Bugzilla/Auth/CGI.pm b/Bugzilla/Auth/CGI.pm
index 0a1a331f19..2146ca3986 100644
--- a/Bugzilla/Auth/CGI.pm
+++ b/Bugzilla/Auth/CGI.pm
@@ -48,6 +48,8 @@ sub login {
 # First, try the actual login method against form variables
 my $username = $cgi->param("Bugzilla_login");
 my $passwd = $cgi->param("Bugzilla_password");
+
+ $cgi->delete('Bugzilla_login', 'Bugzilla_password');
 my $authmethod = Param("loginmethod");
 my ($authres, $userid, $extra, $info) =
diff --git a/chart.cgi b/chart.cgi
index 4bab17701a..645beb9cbf 100755
--- a/chart.cgi
+++ b/chart.cgi
@@ -284,8 +284,7 @@ sub wrap {
 $vars->{'time'} = time();
 $vars->{'imagebase'} = $cgi->canonicalise_query(
- "action", "action-wrap", "ctype", "format", "width", "height",
- "Bugzilla_login", "Bugzilla_password");
+ "action", "action-wrap", "ctype", "format", "width", "height");
 print $cgi->header();
 $template->process("reports/chart.html.tmpl", $vars)
diff --git a/userprefs.cgi b/userprefs.cgi
index 1c9cf20688..8dbee7b917 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
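Review bot: The new `$cgi->delete('Bugzilla_login', 'Bugzilla_password');` in sub login depends on the installed CGI.pm's delete() accepting several names in one call; older CGI.pm releases took a single name and silently ignored any further arguments, which would leave Bugzilla_password in the parameter list and defeat the fix. Unless checksetup already enforces a CGI.pm version with multi-name delete(), two calls are the safer form: `$cgi->delete('Bugzilla_login'); $cgi->delete('Bugzilla_password');`. The call also deserves a why-comment, e.g. `# Remove the credentials from the CGI params so that code which rebuilds a URL from the current query (canonicalise_query, self_url) cannot embed them in links.` Note that this only scrubs the parameter list: if the login form were ever submitted with GET, the credentials would still sit in $ENV{QUERY_STRING}, in the Referer the browser sends onward and in the web server's access log, none of which this hunk can address. sub login's body starts and ends outside the hunk.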
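Review bot: Dropping `"Bugzilla_login", "Bugzilla_password"` from the canonicalise_query() exclusion list makes the safety of chart.cgi's imagebase links depend entirely on the credentials having been deleted from $cgi earlier in the request; keeping the two names costs nothing and remains a second line of defence if another login path, or a script that writes the params back after login as userprefs.cgi does in this same commit, leaves them in place. I would keep the original argument list, `"action", "action-wrap", "ctype", "format", "width", "height", "Bugzilla_login", "Bugzilla_password");`, with a note above it such as `# Belt and braces: Bugzilla::Auth::CGI normally deletes the credentials already, but never let them into a self-referencing URL.` sub wrap's body starts outside the hunk.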
@@ -327,12 +327,19 @@ sub SaveSavedSearches() {
 # Live code (not subroutine definitions) starts here
 ###############################################################################
+my $cgi = Bugzilla->cgi;
+
+# This script needs direct access to the username and password CGI variables,
+# so we save them before their removal in Bugzilla->login
+my $bugzilla_login = $cgi->param('Bugzilla_login');
+my $bugzilla_password = $cgi->param('Bugzilla_password');
+
 Bugzilla->login(LOGIN_REQUIRED);
+$cgi->param('Bugzilla_login', $bugzilla_login);
+$cgi->param('Bugzilla_password', $bugzilla_password);
 GetVersionTable();
-my $cgi = Bugzilla->cgi;
-
 $vars->{'changes_saved'} = $cgi->param('dosave');
 my $current_tab_name = $cgi->param('tab') || "account";
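Review bot: Writing the saved credentials back with `$cgi->param('Bugzilla_login', $bugzilla_login);` and `$cgi->param('Bugzilla_password', $bugzilla_password);` right after Bugzilla->login puts them back into the parameter list for the rest of userprefs.cgi, so if this script or the templates it renders build any self-referencing URL from the current query, the password can reappear in a link — the very leak the commit fixes in Bugzilla::Auth::CGI. Prefer to keep the values only in the two lexicals, drop the two restore lines, and have whichever code later needs them read `$bugzilla_login` / `$bugzilla_password` directly; that consumer is outside the hunk, so the change is not confined to these lines. If the restore has to stay, the comment `# This script needs direct access to the username and password CGI variables` should say which code uses them and for what, and the script should delete the two params again as soon as that code has read them. The top-level statement run this hunk belongs to continues past the end of the hunk.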