diff options
author | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /editclassifications.cgi | |
parent | 6fcfcb93eda16108f71b4c96010bae95cde622cd (diff) | |
download | bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.bz2 bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.xz bugs-93815fc7619567cc962e053280c5ed0b19492feb.zip |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editclassifications.cgi')
-rwxr-xr-x | editclassifications.cgi | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/editclassifications.cgi b/editclassifications.cgi index 026f1b3ab..0ebfb97fa 100755 --- a/editclassifications.cgi +++ b/editclassifications.cgi @@ -28,6 +28,7 @@ use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Classification; +use Bugzilla::Token; my $dbh = Bugzilla->dbh; my $cgi = Bugzilla->cgi; @@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled") # my $action = trim($cgi->param('action') || ''); my $class_name = trim($cgi->param('classification') || ''); - +my $token = $cgi->param('token'); + # # action='' -> Show nice list of classifications # @@ -88,6 +90,7 @@ unless ($action) { # if ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_classification'); LoadTemplate($action); } @@ -96,6 +99,7 @@ if ($action eq 'add') { # if ($action eq 'new') { + check_token_data($token, 'add_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -124,6 +128,7 @@ if ($action eq 'new') { $vars->{'classification'} = $class_name; + delete_token($token); LoadTemplate($action); } @@ -147,6 +152,7 @@ if ($action eq 'del') { } $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('delete_classification'); LoadTemplate($action); } @@ -156,6 +162,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { + check_token_data($token, 'delete_classification'); my $classification = Bugzilla::Classification::check_classification($class_name); @@ -179,6 +186,7 @@ if ($action eq 'delete') { $vars->{'classification'} = $classification; + delete_token($token); LoadTemplate($action); } @@ -194,6 +202,7 @@ if ($action eq 'edit') { Bugzilla::Classification::check_classification($class_name); $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('edit_classification'); LoadTemplate($action); } @@ -203,6 +212,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { + check_token_data($token, 'edit_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -254,6 +264,7 @@ if ($action eq 'update') { $dbh->bz_unlock_tables(); + delete_token($token); LoadTemplate($action); } @@ -270,25 +281,30 @@ if ($action eq 'reclassify') { WHERE name = ?"); if (defined $cgi->param('add_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('prodlist')) { foreach my $prod ($cgi->param("prodlist")) { trick_taint($prod); $sth->execute($classification->id, $prod); } } + delete_token($token); } elsif (defined $cgi->param('remove_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('myprodlist')) { foreach my $prod ($cgi->param("myprodlist")) { trick_taint($prod); $sth->execute(1,$prod); } } + delete_token($token); } my @classifications = Bugzilla::Classification::get_all_classifications; $vars->{'classifications'} = \@classifications; $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('reclassify_classifications'); LoadTemplate($action); } |