Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized…

Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized setting of default search options [r=LpSolit a=LpSolit]

Bug 754672 - CSRF vulnerability in buglist.cgi allows possible unauthorized…
038df43c · Reed Loden · 9245e5ca · 038df43c · 038df43c
Commit 038df43c authored May 29, 2012 by Reed Loden
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 9 deletions

buglist.cgi buglist.cgi +2 -0

knob.html.tmpl template/en/default/search/knob.html.tmpl +14 -9

No files found.
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -434,6 +434,8 @@ if ($cmdtype eq "dorem") {
 elsif (($cmdtype eq "doit") && defined $cgi->param('remtype')) {
    if ($cgi->param('remtype') eq "asdefault") {
        $user = Bugzilla->login(LOGIN_REQUIRED);
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['searchknob']);
        InsertNamedQuery(DEFAULT_QUERY_NAME, $buffer);
        $vars->{'message'} = "buglist_new_default_query";
    }

--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -23,6 +23,9 @@
   "Last Changed" => "Last Changed" } %]

 <input type="hidden" name="cmdtype" value="doit">
+[% IF user.id %]
+  <input type="hidden" name="token" value="[% issue_hash_token(['searchknob']) FILTER html %]">
+[% END %]

 <p>
  <label for="order">Sort results by</label>:
@@ -39,7 +42,7 @@
  <input type="submit" id="[% button_name FILTER html %]"
         value="[% button_name FILTER html %]">
  [% IF known_name %]
-    [%# We store known_name in case the user add a boolean chart. %]
+    [%# We store known_name in case the user adds a boolean chart. %]
    <input type="hidden" name="known_name" value="[% known_name FILTER html %]">

    [%# The name of the existing query will be passed to buglist.cgi. %]
@@ -51,14 +54,16 @@
  [% END %]
 </p>

-<p>
-  &nbsp;&nbsp;&nbsp;
-  <input type="checkbox" id="remasdefault"
-         name="remtype" value="asdefault">
-  <label for="remasdefault">
-    and remember these as my default search options
-  </label>
-</p>
+[% IF user.id %]
+  <p>
+    &nbsp;&nbsp;&nbsp;
+    <input type="checkbox" id="remasdefault"
+           name="remtype" value="asdefault">
+    <label for="remasdefault">
+      and remember these as my default search options
+    </label>
+  </p>
+[% END %]
        
 [% IF userdefaultquery %]
  <p>