authorlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
committerlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /editgroups.cgi
parentBug 346564: [SECURITY] timetracking deadline leaks in XML - Patch by Olav Vit... (diff)
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-xeditgroups.cgi14
1 files changed, 13 insertions, 1 deletions
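--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Group;
 use Bugzilla::Product;
 use Bugzilla::User;
+use Bugzilla::Token;
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,7 @@ $user->in_group('creategroups')
 object => "groups"});
 my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
 # Add missing entries in bug_group_map for bugs created while
 # a mandatory group was disabled and which is now enabled again.
@@ -220,6 +222,7 @@ if ($action eq 'changeform') {
 $vars->{'isactive'} = $isactive;
 $vars->{'isbuggroup'} = $isbuggroup;
 $vars->{'groups'} = \@groups;
+ $vars->{'token'} = issue_session_token('edit_group');
 print $cgi->header();
 $template->process("admin/groups/edit.html.tmpl", $vars)
@@ -235,6 +238,7 @@ if ($action eq 'changeform') {
 #
 if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_group');
 print $cgi->header();
 $template->process("admin/groups/create.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -249,6 +253,7 @@ if ($action eq 'add') {
 #
 if ($action eq 'new') {
+ check_token_data($token, 'add_group');
 # Check that a not already used group name is given, that
 # a description is also given and check if the regular
 # expression is valid (if any).
@@ -284,6 +289,7 @@ if ($action eq 'new') {
 undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
 }
 Bugzilla::Group::RederiveRegexp($regexp, $gid);
+ delete_token($token);
 print $cgi->header();
 $template->process("admin/groups/created.html.tmpl", $vars)
@@ -356,6 +362,7 @@ if ($action eq 'del') {
 $vars->{'hasflags'} = $hasflags;
 $vars->{'shared_queries'} = $shared_queries;
 $vars->{'buglist'} = $buglist;
+ $vars->{'token'} = issue_session_token('delete_group');
 print $cgi->header();
 $template->process("admin/groups/delete.html.tmpl", $vars)
@@ -369,6 +376,7 @@ if ($action eq 'del') {
 #
 if ($action eq 'delete') {
+ check_token_data($token, 'delete_group');
 # Check that an existing group ID is given
 my $gid = CheckGroupID($cgi->param('group'));
 my ($name, $isbuggroup) =
@@ -455,6 +463,8 @@ if ($action eq 'delete') {
 $dbh->do('DELETE FROM groups WHERE id = ?',
 undef, $gid);
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/deleted.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -467,6 +477,7 @@ if ($action eq 'delete') {
 #
 if ($action eq 'postchanges') {
+ check_token_data($token, 'edit_group');
 # ZLL: Bug 181589: we need to have something to remove explicitly listed users from
 # groups in order for the conversion to 2.18 groups to work
 my $action;
@@ -488,7 +499,8 @@ if ($action eq 'postchanges') {
 if ($action == 2) {
 $vars->{'regexp'} = $regexp;
 }
-
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/change.html.tmpl", $vars)
 || ThrowTemplateError($template->error());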
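Review bot: The tokens issued in the `changeform` and `del` hunks are keyed only by the event name (`issue_session_token('edit_group')`, `issue_session_token('delete_group')`) and the matching `check_token_data` calls in the `postchanges` and `delete` hunks verify only that name, so a token obtained from the edit or delete form of one group is accepted for a `postchanges` or `delete` request naming any other group in the same session. This does not undo the cross-site request forgery protection the patch introduces, since the token remains bound to the user who requested the form, but including the target in the event name on both sides (for example `issue_session_token("edit_group:$gid")` when rendering the form and the same string at check time) would make the confirmation specific to the group actually shown to the user; the group id variable used at the form-rendering site is outside these hunks, so its name would need confirming. The guard calls are also undocumented; a one-line comment such as `# Reject state changes that did not originate from our own form.` above each `check_token_data` would tell later maintainers why the call must stay first in the branch. Minor style point: `delete_token($token)` is followed by a blank line in the `delete` and `postchanges` hunks but not in the `new` hunk.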