diff options
| author |   lpsolit%gmail.com <> | 2009-02-02 19:21:09 +0000 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2009-02-02 19:21:09 +0000 |
| commit | d5d928102e575599296421f3334e9f8c82ae5292 (patch) | |
| tree | 2f49bc4fb306ee03a76ba447b550d47f18b1b2b7 /userprefs.cgi | |
| parent | Bug 472206: [SECURITY] Bugzilla should optionally not allow the user to view ... (diff) | |
| download | bugzilla-d5d928102e575599296421f3334e9f8c82ae5292.tar.gz bugzilla-d5d928102e575599296421f3334e9f8c82ae5292.tar.bz2 bugzilla-d5d928102e575599296421f3334e9f8c82ae5292.zip | |
Bug 472362: [SECURITY] Malicious attachments can change your user settings (user + email prefs, shared searches) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
Diffstat (limited to 'userprefs.cgi')
| -rwxr-xr-x | userprefs.cgi | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/userprefs.cgi b/userprefs.cgi index 085372bac..cffae38cc 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -517,6 +517,9 @@ trick_taint($current_tab_name); $vars->{'current_tab_name'} = $current_tab_name; +my $token = $cgi->param('token'); +check_token_data($token, 'edit_user_prefs') if $cgi->param('dosave'); + # Do any saving, and then display the current tab. SWITCH: for ($current_tab_name) { /^account$/ && do { @@ -547,6 +550,11 @@ SWITCH: for ($current_tab_name) { { current_tab_name => $current_tab_name }); } +delete_token($token) if $cgi->param('dosave'); +if ($current_tab_name ne 'permissions') { + $vars->{'token'} = issue_session_token('edit_user_prefs'); +} + # Generate and return the UI (HTML page) from the appropriate template. print $cgi->header(); $template->process("account/prefs/prefs.html.tmpl", $vars) |