From 038df43c5a3d51bd66772a7df7e6403eebe1b913 Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 29 May 2012 08:22:31 -0700
Subject: Bug 754672 - CSRF vulnerability in buglist.cgi allows possible
 unauthorized setting of default search options [r=LpSolit a=LpSolit]

---
 buglist.cgi | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index f0e778464..f7498483a 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -434,6 +434,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
     if ($cgi->param('remtype') eq "asdefault") {
         $user = Bugzilla->login(LOGIN_REQUIRED);
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['searchknob']);
         InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
         $vars->{'message'} = "buglist_new_default_query";
     }
-- 
cgit v1.2.1