From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Sun, 15 Oct 2006 05:02:09 +0000
Subject: =?UTF-8?q?Bug=20281181:=20[SECURITY]=20It's=20way=20too=20easy=20?= =?UTF-8?q?to=20delete=20versions/components/milestones=20etc...=20-=20Pat?= =?UTF-8?q?ch=20by=20Fr=C3=A9d=C3=A9ric=20Buclin=20=20r?= =?UTF-8?q?=3Dmkanat=20a=3Dmyk?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 editgroups.cgi | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'editgroups.cgi')
diff --git a/editgroups.cgi b/editgroups.cgi
index 8e6cf55ac..09e1c8b10 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Group;
 use Bugzilla::Product;
 use Bugzilla::User;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,7 @@ $user->in_group('creategroups')
 object => "groups"});
 
 my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
 
 # Add missing entries in bug_group_map for bugs created while
 # a mandatory group was disabled and which is now enabled again.
@@ -220,6 +222,7 @@ if ($action eq 'changeform') {
 $vars->{'isactive'} = $isactive;
 $vars->{'isbuggroup'} = $isbuggroup;
 $vars->{'groups'} = \@groups;
+ $vars->{'token'} = issue_session_token('edit_group');
 
 print $cgi->header();
 $template->process("admin/groups/edit.html.tmpl", $vars)
@@ -235,6 +238,7 @@ if ($action eq 'changeform') {
 #
 
 if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_group');
 print $cgi->header();
 $template->process("admin/groups/create.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -249,6 +253,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
+ check_token_data($token, 'add_group');
 # Check that a not already used group name is given, that
 # a description is also given and check if the regular
 # expression is valid (if any).
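Review bot: The pairing between the tokens issued in `changeform`, `add` and `del` and the checks added in `new` (this hunk), `postchanges` and `delete` rests only on bare event-name literals (`'edit_group'`, `'add_group'`, `'delete_group'`) repeated on both sides, and nothing in the script says which form action feeds which write action; a mistyped literal on either side would reject every submission rather than fail loudly. Next to `my $token = $cgi->param('token');` in the `@@ -51,6 +52,7 @@` hunk I would add: `# CSRF protection: add/changeform/del issue a session token for an event name; new/postchanges/delete must check_token_data() with the same name before writing and delete_token() once the change is committed.` As far as this diff shows, only those three write actions are covered; if editgroups.cgi has any other action that modifies the database outside these hunks, it needs the same issue/check pair. The `if ($action eq 'new')` body continues past the end of the hunk.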
@@ -284,6 +289,7 @@ if ($action eq 'new') {
 undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
 }
 Bugzilla::Group::RederiveRegexp($regexp, $gid);
+ delete_token($token);
 
 print $cgi->header();
 $template->process("admin/groups/created.html.tmpl", $vars)
@@ -356,6 +362,7 @@ if ($action eq 'del') {
 $vars->{'hasflags'} = $hasflags;
 $vars->{'shared_queries'} = $shared_queries;
 $vars->{'buglist'} = $buglist;
+ $vars->{'token'} = issue_session_token('delete_group');
 
 print $cgi->header();
 $template->process("admin/groups/delete.html.tmpl", $vars)
@@ -369,6 +376,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
+ check_token_data($token, 'delete_group');
 # Check that an existing group ID is given
 my $gid = CheckGroupID($cgi->param('group'));
 my ($name, $isbuggroup) =
@@ -455,6 +463,8 @@ if ($action eq 'delete') {
 $dbh->do('DELETE FROM groups WHERE id = ?',
 undef, $gid);
 
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/deleted.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -467,6 +477,7 @@ if ($action eq 'delete') {
 #
 
 if ($action eq 'postchanges') {
+ check_token_data($token, 'edit_group');
 # ZLL: Bug 181589: we need to have something to remove explicitly listed users from
 # groups in order for the conversion to 2.18 groups to work
 my $action;
@@ -488,7 +499,8 @@ if ($action eq 'postchanges') {
 if ($action == 2) {
 $vars->{'regexp'} = $regexp;
 }
-
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/change.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
-- 
cgit v1.2.1
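Review bot: `delete_token($token)` in the `delete` hunk (`@@ -455,6 +463,8 @@`, and likewise `@@ -284,6 +289,7 @@` for `new` and `@@ -488,7 +499,8 @@` for `postchanges`) is placed after the last visible database statement, so any `ThrowUserError` raised between `check_token_data` and that point leaves the token valid and the same form can be resubmitted; that is the desirable behaviour, but nothing in the code says it is deliberate. Above the first `delete_token($token);` I would add: `# Consume the token only once the change is committed; a rejected submission keeps it so the form can be resent.` The `delete` branch spans roughly ninety lines between its two hunks, so presumably several statements run between the check and the final `DELETE FROM groups`; whether they share one transaction is not visible here, and a mid-way failure would leave the group partially removed — harmless for the token, but worth confirming for the data. The bodies of `delete` and `postchanges` both start outside the hunks that end them.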