diff options
author | lpsolit%gmail.com <> | 2009-02-02 18:59:17 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 18:59:17 +0000 |
commit | d382992164347e076c51d3116a32aeabb2beecd5 (patch) | |
tree | 733546d50af433091cac9db779e8ea275dc4c6ce /editflagtypes.cgi | |
parent | 44341577cd209d8c61fe4129ea72785fc7be9ee5 (diff) | |
download | bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.gz bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.bz2 bugs-d382992164347e076c51d3116a32aeabb2beecd5.tar.xz bugs-d382992164347e076c51d3116a32aeabb2beecd5.zip |
Bug 466692: [SECURITY] keywords and unused flag types can be deleted by bypassing the token check - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'editflagtypes.cgi')
-rwxr-xr-x | editflagtypes.cgi | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi index d77c6b8a3..4dbaae573 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -80,7 +80,7 @@ elsif ($action eq 'edit') { edit($action); } elsif ($action eq 'insert') { insert($token); } elsif ($action eq 'update') { update($token); } elsif ($action eq 'confirmdelete') { confirmDelete(); } -elsif ($action eq 'delete') { deleteType(undef, $token); } +elsif ($action eq 'delete') { deleteType($token); } elsif ($action eq 'deactivate') { deactivate($token); } else { ThrowCodeError("action_unrecognized", { action => $action }); @@ -460,9 +460,8 @@ sub update { sub confirmDelete { - my $flag_type = validateID(); + my $flag_type = validateID(); - if ($flag_type->flag_count) { $vars->{'flag_type'} = $flag_type; $vars->{'token'} = issue_session_token('delete_flagtype'); # Return the appropriate HTTP response headers. @@ -471,20 +470,13 @@ sub confirmDelete { # Generate and return the UI (HTML page) from the appropriate template. $template->process("admin/flag-type/confirm-delete.html.tmpl", $vars) || ThrowTemplateError($template->error()); - } - else { - # We should *always* ask if the admin really wants to delete - # a flagtype, even if there is no flag belonging to this type. - my $token = issue_session_token('delete_flagtype'); - deleteType($flag_type, $token); - } } sub deleteType { - my $flag_type = shift || validateID(); my $token = shift; check_token_data($token, 'delete_flagtype'); + my $flag_type = validateID(); my $id = $flag_type->id; my $dbh = Bugzilla->dbh; |