Commit 637fb098 authored by Frédéric Buclin's avatar Frédéric Buclin

Bug 911593: (CVE-2013-1733) [SECURITY] CSRF in process_bug.cgi

r=dkl a=sgreen
parent e78f6c00
...@@ -111,25 +111,24 @@ print $cgi->header() unless Bugzilla->usage_mode == USAGE_MODE_EMAIL; ...@@ -111,25 +111,24 @@ print $cgi->header() unless Bugzilla->usage_mode == USAGE_MODE_EMAIL;
# Check for a mid-air collision. Currently this only works when updating # Check for a mid-air collision. Currently this only works when updating
# an individual bug. # an individual bug.
if (defined $cgi->param('delta_ts')) my $delta_ts = $cgi->param('delta_ts');
{
my $delta_ts_z = datetime_from($cgi->param('delta_ts')); if ($delta_ts) {
my $delta_ts_z = datetime_from($delta_ts)
or ThrowCodeError('invalid_timestamp', { timestamp => $delta_ts });
my $first_delta_tz_z = datetime_from($first_bug->delta_ts); my $first_delta_tz_z = datetime_from($first_bug->delta_ts);
if ($first_delta_tz_z ne $delta_ts_z) {
($vars->{'operations'}) = $first_bug->get_activity(undef, $cgi->param('delta_ts'));
ThrowCodeError('undefined_field', { field => 'longdesclength' }) if ($first_delta_tz_z ne $delta_ts_z) {
if !defined $cgi->param('longdesclength'); ($vars->{'operations'}) = $first_bug->get_activity(undef, $delta_ts);
my $start_at = $cgi->param('longdesclength'); my $start_at = $cgi->param('longdesclength')
or ThrowCodeError('undefined_field', { field => 'longdesclength' });
# Always sort midair collision comments oldest to newest, # Always sort midair collision comments oldest to newest,
# regardless of the user's personal preference. # regardless of the user's personal preference.
my $comments = $first_bug->comments({ order => "oldest_to_newest" }); my $comments = $first_bug->comments({ order => "oldest_to_newest" });
# The token contains the old delta_ts. We need a new one.
$cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts]));
# Show midair if previous changes made other than CC # Show midair if previous changes made other than CC
# and/or one or more comments were made # and/or one or more comments were made
my $do_midair = scalar @$comments > $start_at ? 1 : 0; my $do_midair = scalar @$comments > $start_at ? 1 : 0;
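Review bot: Chaining `or ThrowCodeError('undefined_field', { field => 'longdesclength' })` onto `my $start_at = $cgi->param('longdesclength')` rejects a submitted value of `0` as well as a missing one, whereas the check it replaces (`if !defined $cgi->param('longdesclength')`) only rejected absence; the `if ($delta_ts)` guard that replaces `defined $cgi->param('delta_ts')` narrows in the same way, although there it only means a falsy delta_ts skips the collision check exactly as an omitted one already did. Whether a form rendered against a bug with no visible comments can legitimately send `longdesclength=0` is not decidable from this hunk, so if it can, the definedness test should be kept: `my $start_at = $cgi->param('longdesclength');` followed by `ThrowCodeError('undefined_field', { field => 'longdesclength' }) unless defined $start_at;`. The `if ($first_delta_tz_z ne $delta_ts_z)` block this sits in continues past the hunk, into the part where the token reissue has been moved.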
...@@ -149,6 +148,8 @@ if (defined $cgi->param('delta_ts')) ...@@ -149,6 +148,8 @@ if (defined $cgi->param('delta_ts'))
$vars->{'start_at'} = $start_at; $vars->{'start_at'} = $start_at;
$vars->{'comments'} = $comments; $vars->{'comments'} = $comments;
$vars->{'bug'} = $first_bug; $vars->{'bug'} = $first_bug;
# The token contains the old delta_ts. We need a new one.
$cgi->param('token', issue_hash_token([$first_bug->id, $first_bug->delta_ts]));
# Warn the user about the mid-air collision and ask them what to do. # Warn the user about the mid-air collision and ask them what to do.
$template->process("bug/process/midair.html.tmpl", $vars) $template->process("bug/process/midair.html.tmpl", $vars)