author | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
committer | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /editproducts.cgi | |
parent | Bug 346564: [SECURITY] timetracking deadline leaks in XML - Patch by Olav Vit... (diff) | |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editproducts.cgi')
-rwxr-xr-x | editproducts.cgi | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/editproducts.cgi b/editproducts.cgi
index 4c4394926..6fc5da258 100755
--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -47,6 +47,7 @@ use Bugzilla::Milestone;
 use Bugzilla::Group;
 use Bugzilla::User;
 use Bugzilla::Field;
+use Bugzilla::Token;
 #
 # Preliminary checks:
@@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || '');
 my $product_name = trim($cgi->param('product') || '');
 my $action = trim($cgi->param('action') || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
 #
 # product = '' -> Show nice list of classifications (if
@@ -128,12 +130,13 @@ if (!$action && !$product_name) {
 #
 if ($action eq 'add') {
-
     if (Bugzilla->params->{'useclassification'}) {
         my $classification = Bugzilla::Classification::check_classification($classification_name);
         $vars->{'classification'} = $classification;
     }
+    $vars->{'token'} = issue_session_token('add_product');
+
     $template->process("admin/products/create.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
@@ -146,7 +149,7 @@ if ($action eq 'add') {
 #
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_product');
     # Cleanups and validity checks
     my $classification_id = 1;
@@ -306,6 +309,8 @@ if ($action eq 'new') {
             $series->writeToDatabase();
         }
     }
+    delete_token($token);
+
     $vars->{'product'} = $product;
     $template->process("admin/products/created.html.tmpl", $vars)
@@ -339,6 +344,7 @@ if ($action eq 'del') {
     }
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('delete_product');
     $template->process("admin/products/confirm-delete.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
@@ -350,6 +356,7 @@ if ($action eq 'del') {
 #
 if ($action eq 'delete') {
+    check_token_data($token, 'delete_product');
     # First make sure the product name is valid.
     my $product = Bugzilla::Product::check_product($product_name);
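Review bot: `my $token = $cgi->param('token');` in the -74 hunk carries no explanation of what the value is or which code consumes it, while it is the one request parameter here that gates every state-changing action below; a one-line comment would make that contract visible, e.g. `# Session token from issue_session_token(); check_token_data() validates it before any add/delete/update runs.`. Unlike the neighbouring parameters it is neither trimmed nor defaulted, so it can be undef for actions that never submit one — that is fine only if check_token_data() treats undef as a rejected token, which cannot be confirmed from this hunk and is worth a look in Bugzilla::Token.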
@@ -413,6 +420,8 @@ if ($action eq 'delete') {
     $dbh->bz_unlock_tables();
+    delete_token($token);
+
     $template->process("admin/products/deleted.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
     exit;
@@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) {
         }
     }
     $vars->{'group_controls'} = $group_controls;
-    $vars->{'product'} = $product;
-
+    $vars->{'token'} = issue_session_token('edit_product');
+
     $template->process("admin/products/edit.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
@@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) {
 #
 if ($action eq 'updategroupcontrols') {
+    check_token_data($token, 'edit_group_controls');
     # First make sure the product name is valid.
     my $product = Bugzilla::Product::check_product($product_name);
@@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') {
     }
     $dbh->bz_unlock_tables();
-    $vars->{'removed_na'} = \@removed_na;
+    delete_token($token);
+    $vars->{'removed_na'} = \@removed_na;
     $vars->{'added_mandatory'} = \@added_mandatory;
-    $vars->{'product'} = $product;
     $template->process("admin/products/groupcontrol/updated.html.tmpl", $vars)
@@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') {
 # action='update' -> update the product
 #
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_product');
     my $product_old_name = trim($cgi->param('product_old_name') || '');
     my $description = trim($cgi->param('description') || '');
     my $disallownew = trim($cgi->param('disallownew') || '');
@@ -980,6 +990,7 @@ if ($action eq 'update') {
         $vars->{'confirmedbugs'} = \@updated_bugs;
         $vars->{'changer'} = $user->login;
     }
+    delete_token($token);
     $vars->{'old_product'} = $product_old;
     $vars->{'product'} = $product;
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') {
     $vars->{'product'} = $product;
     $vars->{'groups'} = $groups;
+    $vars->{'token'} = issue_session_token('edit_group_controls');
     $vars->{'const'} = {
         'CONTROLMAPNA' => CONTROLMAPNA,
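Review bot: The -467 hunk removes `$vars->{'product'} = $product;` just before admin/products/edit.html.tmpl is rendered, and the -722 hunk removes the same assignment before groupcontrol/updated.html.tmpl, in both cases replacing it only with token handling; unless `$vars->{'product'}` is already populated earlier in those actions, the templates lose the product they are rendering. The enclosing `if` blocks start outside both hunks, so whether the assignment was hoisted cannot be confirmed from this diff. If it was hoisted on purpose, a short comment at the new location (something like `# product is set once here for every edit template`) would keep the next maintainer from re-adding it at the render site. The other state-changing actions in this diff (`new`, `update`, `editgroupcontrols`) still set `$vars->{'product'}` explicitly, which is why the two removals stand out.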