aboutsummaryrefslogtreecommitdiffstats
path: root/editflagtypes.cgi
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2009-02-02 18:59:17 +0000
committerlpsolit%gmail.com <>2009-02-02 18:59:17 +0000
commitd382992164347e076c51d3116a32aeabb2beecd5 (patch)
tree733546d50af433091cac9db779e8ea275dc4c6ce /editflagtypes.cgi
parent44341577cd209d8c61fe4129ea72785fc7be9ee5 (diff)
downloadbugs-d382992164347e076c51d3116a32aeabb2beecd5.tar
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.gz
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.bz2
bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.xz
bugs-d382992164347e076c51d3116a32aeabb2beecd5.zip
Bug 466692: [SECURITY] keywords and unused flag types can be deleted by bypassing the token check - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'editflagtypes.cgi')
-rwxr-xr-xeditflagtypes.cgi14
1 files changed, 3 insertions, 11 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index d77c6b8a3..4dbaae573 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -80,7 +80,7 @@ elsif ($action eq 'edit') { edit($action); }
elsif ($action eq 'insert') { insert($token); }
elsif ($action eq 'update') { update($token); }
elsif ($action eq 'confirmdelete') { confirmDelete(); }
-elsif ($action eq 'delete') { deleteType(undef, $token); }
+elsif ($action eq 'delete') { deleteType($token); }
elsif ($action eq 'deactivate') { deactivate($token); }
else {
ThrowCodeError("action_unrecognized", { action => $action });
@@ -460,9 +460,8 @@ sub update {
sub confirmDelete {
- my $flag_type = validateID();
+ my $flag_type = validateID();
- if ($flag_type->flag_count) {
$vars->{'flag_type'} = $flag_type;
$vars->{'token'} = issue_session_token('delete_flagtype');
# Return the appropriate HTTP response headers.
@@ -471,20 +470,13 @@ sub confirmDelete {
# Generate and return the UI (HTML page) from the appropriate template.
$template->process("admin/flag-type/confirm-delete.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
- }
- else {
- # We should *always* ask if the admin really wants to delete
- # a flagtype, even if there is no flag belonging to this type.
- my $token = issue_session_token('delete_flagtype');
- deleteType($flag_type, $token);
- }
}
sub deleteType {
- my $flag_type = shift || validateID();
my $token = shift;
check_token_data($token, 'delete_flagtype');
+ my $flag_type = validateID();
my $id = $flag_type->id;
my $dbh = Bugzilla->dbh;