aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2011-01-22 18:15:42 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-01-22 18:15:42 +0100
commit721dfc64e95140c48726738770cd22b71ac36702 (patch)
treec08aa9dc3fb9e1da20439b81dcb739055757db50 /colchange.cgi
parentBug 627854: Add 'form' hook to create-guided.html.tmpl similar to create.html... (diff)
downloadbugzilla-721dfc64e95140c48726738770cd22b71ac36702.tar.gz
bugzilla-721dfc64e95140c48726738770cd22b71ac36702.tar.bz2
bugzilla-721dfc64e95140c48726738770cd22b71ac36702.zip
Bug 621109: Column changing lacks CSRF protection
r=dkl a=mkanat
Diffstat (limited to 'colchange.cgi')
-rwxr-xr-xcolchange.cgi19
1 files changed, 14 insertions, 5 deletions
diff --git a/colchange.cgi b/colchange.cgi
index 0bd3af481..844f7615c 100755
--- a/colchange.cgi
+++ b/colchange.cgi
@@ -33,6 +33,7 @@ use Bugzilla::CGI;
use Bugzilla::Search::Saved;
use Bugzilla::Error;
use Bugzilla::User;
+use Bugzilla::Token;
use Storable qw(dclone);
@@ -86,6 +87,19 @@ $vars->{'columns'} = $columns;
my @collist;
if (defined $cgi->param('rememberedquery')) {
+ my $search;
+ if (defined $cgi->param('saved_search')) {
+ $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
+ }
+
+ my $token = $cgi->param('token');
+ if ($search) {
+ check_hash_token($token, [$search->id, $search->name]);
+ }
+ else {
+ check_hash_token($token, ['default-list']);
+ }
+
my $splitheader = 0;
if (defined $cgi->param('resetit')) {
@collist = DEFAULT_COLUMN_LIST;
@@ -123,11 +137,6 @@ if (defined $cgi->param('rememberedquery')) {
$vars->{'message'} = "change_columns";
- my $search;
- if (defined $cgi->param('saved_search')) {
- $search = new Bugzilla::Search::Saved($cgi->param('saved_search'));
- }
-
if ($cgi->param('save_columns_for_search')
&& defined $search && $search->user->id == Bugzilla->user->id)
{