diff options
author | Reed Loden <reed@reedloden.com> | 2011-12-13 14:26:45 -0800 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2011-12-13 14:26:45 -0800 |
commit | cc86e1bc247787a6dd28f4604b93e08415ecd4fb (patch) | |
tree | 7608f271062b3bb1d6696983e46031b8ad2a1d18 /Bugzilla | |
parent | 49445ac5eb1b8f0b44f29942e2ea1e941dff4807 (diff) | |
download | bugs-cc86e1bc247787a6dd28f4604b93e08415ecd4fb.tar bugs-cc86e1bc247787a6dd28f4604b93e08415ecd4fb.tar.gz bugs-cc86e1bc247787a6dd28f4604b93e08415ecd4fb.tar.bz2 bugs-cc86e1bc247787a6dd28f4604b93e08415ecd4fb.tar.xz bugs-cc86e1bc247787a6dd28f4604b93e08415ecd4fb.zip |
Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible unauthorized account creation e-mail request
[r=mkanat a=mkanat]
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Token.pm | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 36b3b070f..a85dcc1f4 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -176,9 +176,14 @@ sub issue_hash_token { $data ||= []; $time ||= time(); + # For the user ID, use the actual ID if the user is logged in. + # Otherwise, use the remote IP, in case this is for something + # such as creating an account or logging in. + my $user_id = Bugzilla->user->id || remote_ip(); + # The concatenated string is of the form - # token creation time + site-wide secret + user ID + data - my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, Bugzilla->user->id, @$data); + # token creation time + site-wide secret + user ID (either ID or remote IP) + data + my @args = ($time, Bugzilla->localconfig->{'site_wide_secret'}, $user_id, @$data); my $token = join('*', @args); # Wide characters cause md5_hex() to die. |