diff options
author | lpsolit%gmail.com <> | 2009-02-02 18:33:29 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 18:33:29 +0000 |
commit | dc51769c9f7fb84ac2e43112f2d106a4770f5781 (patch) | |
tree | 2e33c5042d7608871c661a843c3c991da07693d7 /Bugzilla/Template.pm | |
parent | 8d70890dc0b7c24b25a344808ac4e63e6a5dd74e (diff) | |
download | bugs-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar bugs-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.gz bugs-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.bz2 bugs-dc51769c9f7fb84ac2e43112f2d106a4770f5781.tar.xz bugs-dc51769c9f7fb84ac2e43112f2d106a4770f5781.zip |
Bug 26257: [SECURITY] Bugzilla should prevent malicious webpages from making bugzilla users submit changes to bugs - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'Bugzilla/Template.pm')
-rw-r--r-- | Bugzilla/Template.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm index 688c53386..8c34bb493 100644 --- a/Bugzilla/Template.pm +++ b/Bugzilla/Template.pm @@ -41,6 +41,7 @@ use Bugzilla::Util; use Bugzilla::User; use Bugzilla::Error; use Bugzilla::Status; +use Bugzilla::Token; use Bugzilla::Template::Parser; use Cwd qw(abs_path); @@ -765,6 +766,9 @@ sub create { return $docs_urlbase; }, + # Allow templates to generate a token themselves. + 'issue_hash_token' => \&Bugzilla::Token::issue_hash_token, + # These don't work as normal constants. DB_MODULE => \&Bugzilla::Constants::DB_MODULE, REQUIRED_MODULES => |