authorlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
committerlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editclassifications.cgi
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
downloadbugs-93815fc7619567cc962e053280c5ed0b19492feb.tar
bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz
bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.bz2
bugs-93815fc7619567cc962e053280c5ed0b19492feb.tar.xz
bugs-93815fc7619567cc962e053280c5ed0b19492feb.zip
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editclassifications.cgi')
-rwxr-xr-xeditclassifications.cgi18
1 files changed, 17 insertions, 1 deletions
diff --git a/editclassifications.cgi b/editclassifications.cgi
index 026f1b3ab..0ebfb97fa 100755
--- a/editclassifications.cgi
+++ b/editclassifications.cgi
@@ -28,6 +28,7 @@ use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Error;
use Bugzilla::Classification;
+use Bugzilla::Token;
my $dbh = Bugzilla->dbh;
my $cgi = Bugzilla->cgi;
@@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled")
#
my $action = trim($cgi->param('action') || '');
my $class_name = trim($cgi->param('classification') || '');
-
+my $token = $cgi->param('token');
+
#
# action='' -> Show nice list of classifications
#
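Review bot: `my $token = $cgi->param('token');` is read unconditionally for every action but is only validated much later, inside the 'new', 'delete', 'update' and 'reclassify' branches, so the declaration gives no hint that it is a security control. A comment at the declaration would make the contract visible to the next maintainer, e.g. `# Anti-CSRF token from the submitted form; every state-changing action below must pass it to check_token_data() before touching the DB.` The value is deliberately not trimmed, unlike `$action` and `$class_name` on the lines above, which is acceptable only if check_token_data() does its own validation of the raw parameter; that is inferred from the module name and worth confirming against Bugzilla::Token.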
@@ -88,6 +90,7 @@ unless ($action) {
#
if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_classification');
LoadTemplate($action);
}
@@ -96,6 +99,7 @@ if ($action eq 'add') {
#
if ($action eq 'new') {
+ check_token_data($token, 'add_classification');
$class_name || ThrowUserError("classification_not_specified");
@@ -124,6 +128,7 @@ if ($action eq 'new') {
$vars->{'classification'} = $class_name;
+ delete_token($token);
LoadTemplate($action);
}
@@ -147,6 +152,7 @@ if ($action eq 'del') {
}
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('delete_classification');
LoadTemplate($action);
}
@@ -156,6 +162,7 @@ if ($action eq 'del') {
#
if ($action eq 'delete') {
+ check_token_data($token, 'delete_classification');
my $classification =
Bugzilla::Classification::check_classification($class_name);
@@ -179,6 +186,7 @@ if ($action eq 'delete') {
$vars->{'classification'} = $classification;
+ delete_token($token);
LoadTemplate($action);
}
@@ -194,6 +202,7 @@ if ($action eq 'edit') {
Bugzilla::Classification::check_classification($class_name);
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('edit_classification');
LoadTemplate($action);
}
@@ -203,6 +212,7 @@ if ($action eq 'edit') {
#
if ($action eq 'update') {
+ check_token_data($token, 'edit_classification');
$class_name || ThrowUserError("classification_not_specified");
@@ -254,6 +264,7 @@ if ($action eq 'update') {
$dbh->bz_unlock_tables();
+ delete_token($token);
LoadTemplate($action);
}
@@ -270,25 +281,30 @@ if ($action eq 'reclassify') {
WHERE name = ?");
if (defined $cgi->param('add_products')) {
+ check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('prodlist')) {
foreach my $prod ($cgi->param("prodlist")) {
trick_taint($prod);
$sth->execute($classification->id, $prod);
}
}
+ delete_token($token);
} elsif (defined $cgi->param('remove_products')) {
+ check_token_data($token, 'reclassify_classifications');
if (defined $cgi->param('myprodlist')) {
foreach my $prod ($cgi->param("myprodlist")) {
trick_taint($prod);
$sth->execute(1,$prod);
}
}
+ delete_token($token);
}
my @classifications =
Bugzilla::Classification::get_all_classifications;
$vars->{'classifications'} = \@classifications;
$vars->{'classification'} = $classification;
+ $vars->{'token'} = issue_session_token('reclassify_classifications');
LoadTemplate($action);
}
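Review bot: `check_token_data($token, 'reclassify_classifications')` and `delete_token($token)` are written out twice, once in the add_products branch and once in the remove_products branch, even though both guard the same kind of state change with the same token name; a single validation point is easier to audit than two parallel ones that must be kept in sync. Hoist the check above the branch, `check_token_data($token, 'reclassify_classifications') if defined $cgi->param('add_products') || defined $cgi->param('remove_products');`, and place one `delete_token($token);` after the `if`/`elsif` under the same condition, leaving the branch bodies to the product loop only. The enclosing `if ($action eq 'reclassify')` block starts before this hunk, and the hunk header's line counts suggest blank context lines were dropped in rendering.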