authorlpsolit%gmail.com <>2009-02-02 19:21:09 +0000
committerlpsolit%gmail.com <>2009-02-02 19:21:09 +0000
commitd5d928102e575599296421f3334e9f8c82ae5292 (patch)
tree2f49bc4fb306ee03a76ba447b550d47f18b1b2b7 /userprefs.cgi
parent9c49307f5c2f5a67ab5b3b1270cc83b30efa8637 (diff)
Bug 472362: [SECURITY] Malicious attachments can change your user settings (user + email prefs, shared searches) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
Diffstat (limited to 'userprefs.cgi')
-rwxr-xr-xuserprefs.cgi8
1 files changed, 8 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi
index 085372bac..cffae38cc 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -517,6 +517,9 @@ trick_taint($current_tab_name);
$vars->{'current_tab_name'} = $current_tab_name;
+my $token = $cgi->param('token');
+check_token_data($token, 'edit_user_prefs') if $cgi->param('dosave');
+
# Do any saving, and then display the current tab.
SWITCH: for ($current_tab_name) {
/^account$/ && do {
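Review bot: The token check on the added `check_token_data` line runs only when `$cgi->param('dosave')` is set, so it protects only those branches of the SWITCH below that are gated on the same parameter. The branch bodies are outside this hunk, so it is worth confirming that no tab changes state without `dosave`. A comment would make the coupling explicit for future tabs, for example `# CSRF guard: every state-changing branch below must be gated on 'dosave'.` The check also does not look at the request method; if saves are meant to arrive by POST only, enforcing that here would keep the token out of URLs.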
@@ -547,6 +550,11 @@ SWITCH: for ($current_tab_name) {
{ current_tab_name => $current_tab_name });
}
+delete_token($token) if $cgi->param('dosave');
+if ($current_tab_name ne 'permissions') {
+ $vars->{'token'} = issue_session_token('edit_user_prefs');
+}
+
# Generate and return the UI (HTML page) from the appropriate template.
print $cgi->header();
$template->process("account/prefs/prefs.html.tmpl", $vars)
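Review bot: The `ne 'permissions'` exception around `issue_session_token` is unexplained; presumably that tab renders no save form, but a reader cannot tell from this hunk. A comment such as `# The permissions tab has nothing to save, so it needs no token.` would help, once that reason is confirmed. The token name `'edit_user_prefs'` is repeated as a literal here and in the `check_token_data` call of the first hunk; a shared constant would keep the two from drifting apart, which would make every save fail the check. Note also that `delete_token` is reached only if the SWITCH completes, so a token apparently stays valid when a save handler aborts with an error; if that is intended to allow a retry, it deserves a comment.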