Bug 281181: [SECURITY] It's way too easy to delete…

Bugzilla/Token.pm

@@ -18,6 +18,7 @@
 # Rights Reserved.
 #
 # Contributor(s):    Myk Melez <myk@mozilla.org>
+#                    Frédéric Buclin <LpSolit@gmail.com>
 
 ################################################################################
 # Module Initialization
@@ -36,6 +37,11 @@ use Bugzilla::Util;
 
 use Date::Format;
 use Date::Parse;
+use File::Basename;
+
+use base qw(Exporter);
+
+@Bugzilla::Token::EXPORT = qw(issue_session_token check_token_data delete_token);
 
 ################################################################################
 # Public Functions
@@ -156,7 +162,7 @@ sub IssuePasswordToken {
     MessageToMTA($message);
 }
 
-sub IssueSessionToken {
+sub issue_session_token {
     # Generates a random token, adds it to the tokens table, and returns
     # the token to the caller.
 
@@ -243,7 +249,7 @@ sub Cancel {
     MessageToMTA($message);
 
     # Delete the token from the database.
-    DeleteToken($token);
+    delete_token($token);
 }
 
 sub DeletePasswordTokens {
@@ -279,6 +285,7 @@ sub GetTokenData {
     my $dbh = Bugzilla->dbh;
 
     return unless defined $token;
+    $token = clean_text($token);
     trick_taint($token);
 
     return $dbh->selectrow_array(
@@ -288,7 +295,7 @@ sub GetTokenData {
 }
 
 # Deletes specified token
-sub DeleteToken {
+sub delete_token {
     my ($token) = @_;
     my $dbh = Bugzilla->dbh;
 
@@ -300,6 +307,50 @@ sub DeleteToken {
     $dbh->bz_unlock_tables();
 }
 
+# Given a token, makes sure it comes from the currently logged in user
+# and match the expected event. Returns 1 on success, else displays a warning.
+# Note: this routine must not be called while tables are locked as it will try
+# to lock some tables itself, see CleanTokenTable().
+sub check_token_data {
+    my ($token, $expected_action) = @_;
+    my $user = Bugzilla->user;
+    my $template = Bugzilla->template;
+    my $cgi = Bugzilla->cgi;
+
+    my ($creator_id, $date, $token_action) = GetTokenData($token);
+    unless ($creator_id
+            && $creator_id == $user->id
+            && $token_action eq $expected_action)
+    {
+        # Something is going wrong. Ask confirmation before processing.
+        # It is possible that someone tried to trick an administrator.
+        # In this case, we want to know his name!
+        require Bugzilla::User;
+
+        my $vars = {};
+        $vars->{'abuser'} = Bugzilla::User->new($creator_id)->identity;
+        $vars->{'token_action'} = $token_action;
+        $vars->{'expected_action'} = $expected_action;
+        $vars->{'script_name'} = basename($0);
+
+        # Now is a good time to remove old tokens from the DB.
+        CleanTokenTable();
+
+        # If no token was found, create a valid token for the given action.
+        unless ($creator_id) {
+            $token = issue_session_token($expected_action);
+            $cgi->param('token', $token);
+        }
+
+        print $cgi->header();
+
+        $template->process('admin/confirm-action.html.tmpl', $vars)
+          || ThrowTemplateError($template->error());
+        exit;
+    }
+    return 1;
+}
+
 ################################################################################
 # Internal Functions
 ################################################################################

attachment.cgi

@@ -825,7 +825,7 @@ sub delete_attachment {
         }
 
         # Now delete the token.
-        Bugzilla::Token::DeleteToken($token);
+        delete_token($token);
 
         # Paste the reason provided by the admin into a comment.
         AppendComment($bug_id, $user->id, $msg);
@@ -835,7 +835,7 @@ sub delete_attachment {
     }
     else {
         # Create a token.
-        $token = Bugzilla::Token::IssueSessionToken('attachment' . $attach_id);
+        $token = issue_session_token('attachment' . $attach_id);
 
         $vars->{'a'} = $attachment;
         $vars->{'token'} = $token;

editclassifications.cgi

@@ -28,6 +28,7 @@ use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Classification;
+use Bugzilla::Token;
 
 my $dbh = Bugzilla->dbh;
 my $cgi = Bugzilla->cgi;
@@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled")
 #
 my $action     = trim($cgi->param('action')         || '');
 my $class_name = trim($cgi->param('classification') || '');
-    
+my $token      = $cgi->param('token');
+
 #
 # action='' -> Show nice list of classifications
 #
@@ -88,6 +90,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
+    $vars->{'token'} = issue_session_token('add_classification');
     LoadTemplate($action);
 }
 
@@ -96,6 +99,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
+    check_token_data($token, 'add_classification');
 
     $class_name || ThrowUserError("classification_not_specified");
 
@@ -124,6 +128,7 @@ if ($action eq 'new') {
 
     $vars->{'classification'} = $class_name;
 
+    delete_token($token);
     LoadTemplate($action);
 }
 
@@ -147,6 +152,7 @@ if ($action eq 'del') {
     }
 
     $vars->{'classification'} = $classification;
+    $vars->{'token'} = issue_session_token('delete_classification');
 
     LoadTemplate($action);
 }
@@ -156,6 +162,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
+    check_token_data($token, 'delete_classification');
 
     my $classification =
         Bugzilla::Classification::check_classification($class_name);
@@ -179,6 +186,7 @@ if ($action eq 'delete') {
 
     $vars->{'classification'} = $classification;
 
+    delete_token($token);
     LoadTemplate($action);
 }
 
@@ -194,6 +202,7 @@ if ($action eq 'edit') {
         Bugzilla::Classification::check_classification($class_name);
 
     $vars->{'classification'} = $classification;
+    $vars->{'token'} = issue_session_token('edit_classification');
 
     LoadTemplate($action);
 }
@@ -203,6 +212,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
+    check_token_data($token, 'edit_classification');
 
     $class_name || ThrowUserError("classification_not_specified");
 
@@ -254,6 +264,7 @@ if ($action eq 'update') {
 
     $dbh->bz_unlock_tables();
 
+    delete_token($token);
     LoadTemplate($action);
 }
 
@@ -270,25 +281,30 @@ if ($action eq 'reclassify') {
                              WHERE name = ?");
 
     if (defined $cgi->param('add_products')) {
+        check_token_data($token, 'reclassify_classifications');
         if (defined $cgi->param('prodlist')) {
             foreach my $prod ($cgi->param("prodlist")) {
                 trick_taint($prod);
                 $sth->execute($classification->id, $prod);
             }
         }
+        delete_token($token);
     } elsif (defined $cgi->param('remove_products')) {
+        check_token_data($token, 'reclassify_classifications');
         if (defined $cgi->param('myprodlist')) {
             foreach my $prod ($cgi->param("myprodlist")) {
                 trick_taint($prod);
                 $sth->execute(1,$prod);
             }
         }
+        delete_token($token);
     }
 
     my @classifications = 
         Bugzilla::Classification::get_all_classifications;
     $vars->{'classifications'} = \@classifications;
     $vars->{'classification'} = $classification;
+    $vars->{'token'} = issue_session_token('reclassify_classifications');
 
     LoadTemplate($action);
 }

editcomponents.cgi

@@ -39,6 +39,7 @@ use Bugzilla::User;
 use Bugzilla::Product;
 use Bugzilla::Component;
 use Bugzilla::Bug;
+use Bugzilla::Token;
 
 ###############
 # Subroutines #
@@ -86,6 +87,7 @@ my $product_name  = trim($cgi->param('product')     || '');
 my $comp_name     = trim($cgi->param('component')   || '');
 my $action        = trim($cgi->param('action')      || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token         = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of products
@@ -130,7 +132,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
-
+    $vars->{'token'} = issue_session_token('add_component');
     $vars->{'product'} = $product;
     $template->process("admin/components/create.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
@@ -145,7 +147,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-    
+    check_token_data($token, 'add_component');
     # Do the user matching
     Bugzilla::User::match_field ($cgi, {
         'initialowner'     => { 'type' => 'single' },
@@ -244,6 +246,8 @@ if ($action eq 'new') {
 
     $vars->{'comp'} = $component;
     $vars->{'product'} = $product;
+    delete_token($token);
+
     $template->process("admin/components/created.html.tmpl",
                        $vars)
       || ThrowTemplateError($template->error());
@@ -260,7 +264,7 @@ if ($action eq 'new') {
 #
 
 if ($action eq 'del') {
-    
+    $vars->{'token'} = issue_session_token('delete_component');
     $vars->{'comp'} =
         Bugzilla::Component::check_component($product, $comp_name);
 
@@ -279,7 +283,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
-
+    check_token_data($token, 'delete_component');
     my $component =
         Bugzilla::Component::check_component($product, $comp_name);
 
@@ -313,6 +317,8 @@ if ($action eq 'delete') {
 
     $vars->{'comp'} = $component;
     $vars->{'product'} = $product;
+    delete_token($token);
+
     $template->process("admin/components/deleted.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
     exit;
@@ -327,7 +333,7 @@ if ($action eq 'delete') {
 #
 
 if ($action eq 'edit') {
-
+    $vars->{'token'} = issue_session_token('edit_component');
     my $component =
         Bugzilla::Component::check_component($product, $comp_name);
     $vars->{'comp'} = $component;
@@ -351,7 +357,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_component');
     # Do the user matching
     Bugzilla::User::match_field ($cgi, {
         'initialowner'     => { 'type' => 'single' },
@@ -459,6 +465,8 @@ if ($action eq 'update') {
     $vars->{'initial_cc_names'} = 
         join(', ', map($_->login, @{$component->initial_cc}));
     $vars->{'product'} = $product;
+    delete_token($token);
+
     $template->process("admin/components/updated.html.tmpl",
                        $vars)
       || ThrowTemplateError($template->error());

editfields.cgi

@@ -23,6 +23,7 @@ use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Util;
 use Bugzilla::Field;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $template = Bugzilla->template;
@@ -36,6 +37,7 @@ $user->in_group('admin')
                                      object => 'custom_fields'});
 
 my $action = trim($cgi->param('action') || '');
+my $token  = $cgi->param('token');
 
 print $cgi->header();
 
@@ -46,10 +48,13 @@ if (!$action) {
 }
 # Interface to add a new custom field.
 elsif ($action eq 'add') {
+    $vars->{'token'} = issue_session_token('add_field');
+
     $template->process('admin/custom_fields/create.html.tmpl', $vars)
         || ThrowTemplateError($template->error());
 }
 elsif ($action eq 'new') {
+    check_token_data($token, 'add_field');
     my $name = clean_text($cgi->param('name') || '');
     my $desc = clean_text($cgi->param('desc') || '');
     my $type = trim($cgi->param('type') || FIELD_TYPE_FREETEXT);
@@ -93,6 +98,7 @@ elsif ($action eq 'new') {
     $vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0;
 
     Bugzilla::Field::create_or_update($vars);
+    delete_token($token);
 
     $vars->{'message'} = 'custom_field_created';
 
@@ -109,11 +115,13 @@ elsif ($action eq 'edit') {
     $field || ThrowUserError('customfield_nonexistent', {'name' => $name});
 
     $vars->{'field'} = $field;
+    $vars->{'token'} = issue_session_token('edit_field');
 
     $template->process('admin/custom_fields/edit.html.tmpl', $vars)
         || ThrowTemplateError($template->error());
 }
 elsif ($action eq 'update') {
+    check_token_data($token, 'edit_field');
     my $name = $cgi->param('name');
     my $desc = clean_text($cgi->param('desc') || '');
     my $sortkey = $cgi->param('sortkey') || 0;
@@ -144,18 +152,13 @@ elsif ($action eq 'update') {
     $vars->{'is_obsolete'} = $cgi->param('obsolete') ? 1 : 0;
 
     Bugzilla::Field::create_or_update($vars);
+    delete_token($token);
 
     $vars->{'message'} = 'custom_field_updated';
 
     $template->process('admin/custom_fields/list.html.tmpl', $vars)
         || ThrowTemplateError($template->error());
 }
-elsif ($action eq 'del') {
-    die "not yet implemented...\n";
-}
-elsif ($action eq 'delete') {
-    die "not yet implemented...\n";
-}
 else {
     ThrowUserError('no_valid_action', {'field' => 'custom_field'});
 }

editflagtypes.cgi

@@ -41,6 +41,7 @@ use Bugzilla::Product;
 use Bugzilla::Component;
 use Bugzilla::Bug;
 use Bugzilla::Attachment;
+use Bugzilla::Token;
 
 local our $cgi = Bugzilla->cgi;
 local our $template = Bugzilla->template;
@@ -63,11 +64,12 @@ $user->in_group('editcomponents')
 
 # Determine whether to use the action specified by the user or the default.
 my $action = $cgi->param('action') || 'list';
+my $token  = $cgi->param('token');
 my @categoryActions;
 
 if (@categoryActions = grep(/^categoryAction-.+/, $cgi->param())) {
     $categoryActions[0] =~ s/^categoryAction-//;
-    processCategoryChange($categoryActions[0]);
+    processCategoryChange($categoryActions[0], $token);
     exit;
 }
 
@@ -75,11 +77,11 @@ if    ($action eq 'list')           { list();           }
 elsif ($action eq 'enter')          { edit($action);    }
 elsif ($action eq 'copy')           { edit($action);    }
 elsif ($action eq 'edit')           { edit($action);    }
-elsif ($action eq 'insert')         { insert();         }
-elsif ($action eq 'update')         { update();         }
+elsif ($action eq 'insert')         { insert($token);   }
+elsif ($action eq 'update')         { update($token);   }
 elsif ($action eq 'confirmdelete')  { confirmDelete();  } 
-elsif ($action eq 'delete')         { deleteType();     }
-elsif ($action eq 'deactivate')     { deactivate();     }
+elsif ($action eq 'delete')         { deleteType(undef, $token); }
+elsif ($action eq 'deactivate')     { deactivate($token); }
 else { 
     ThrowCodeError("action_unrecognized", { action => $action });
 }
@@ -167,9 +169,11 @@ sub edit {
     $vars->{'last_action'} = $cgi->param('action');
     if ($cgi->param('action') eq 'enter' || $cgi->param('action') eq 'copy') {
         $vars->{'action'} = "insert";
+        $vars->{'token'} = issue_session_token('add_flagtype');
     }
     else { 
         $vars->{'action'} = "update";
+        $vars->{'token'} = issue_session_token('edit_flagtype');
     }
 
     # If copying or editing an existing flag type, retrieve it.
@@ -197,7 +201,7 @@ sub edit {
 }
 
 sub processCategoryChange {
-    my $categoryAction = shift;
+    my ($categoryAction, $token) = @_;
     validateIsActive();
     validateIsRequestable();
     validateIsRequesteeble();
@@ -252,7 +256,8 @@ sub processCategoryChange {
     $type->{'inclusions'} = \%inclusions;
     $type->{'exclusions'} = \%exclusions;
     $vars->{'type'} = $type;
-    
+    $vars->{'token'} = $token;
+
     # Return the appropriate HTTP response headers.
     print $cgi->header();
 
@@ -287,6 +292,8 @@ sub clusion_array_to_hash {
 }
 
 sub insert {
+    my $token = shift;
+    check_token_data($token, 'add_flagtype');
     my $name = validateName();
     my $description = validateDescription();
     my $cc_list = validateCCList();
@@ -329,6 +336,7 @@ sub insert {
 
     $vars->{'name'} = $cgi->param('name');
     $vars->{'message'} = "flag_type_created";
+    delete_token($token);
 
     # Return the appropriate HTTP response headers.
     print $cgi->header();
@@ -340,6 +348,8 @@ sub insert {
 
 
 sub update {
+    my $token = shift;
+    check_token_data($token, 'edit_flagtype');
     my $flag_type = validateID();
     my $id = $flag_type->id;
     my $name = validateName();
@@ -426,6 +436,7 @@ sub update {
 
     $vars->{'name'} = $cgi->param('name');
     $vars->{'message'} = "flag_type_changes_saved";
+    delete_token($token);
 
     # Return the appropriate HTTP response headers.
     print $cgi->header();
@@ -441,7 +452,7 @@ sub confirmDelete {
 
   if ($flag_type->flag_count) {
     $vars->{'flag_type'} = $flag_type;
-
+    $vars->{'token'} = issue_session_token('delete_flagtype');
     # Return the appropriate HTTP response headers.
     print $cgi->header();
 
@@ -450,13 +461,18 @@ sub confirmDelete {
       || ThrowTemplateError($template->error());
   } 
   else {
-    deleteType($flag_type);
+    # We should *always* ask if the admin really wants to delete
+    # a flagtype, even if there is no flag belonging to this type.
+    my $token = issue_session_token('delete_flagtype');
+    deleteType($flag_type, $token);
   }
 }
 
 
 sub deleteType {
     my $flag_type = shift || validateID();
+    my $token = shift;
+    check_token_data($token, 'delete_flagtype');
     my $id = $flag_type->id;
     my $dbh = Bugzilla->dbh;
 
@@ -474,6 +490,7 @@ sub deleteType {
     $dbh->bz_unlock_tables();
 
     $vars->{'message'} = "flag_type_deleted";
+    delete_token($token);
 
     # Return the appropriate HTTP response headers.
     print $cgi->header();
@@ -485,6 +502,8 @@ sub deleteType {
 
 
 sub deactivate {
+    my $token = shift;
+    check_token_data($token, 'delete_flagtype');
     my $flag_type = validateID();
     validateIsActive();
 
@@ -496,6 +515,7 @@ sub deactivate {
 
     $vars->{'message'} = "flag_type_deactivated";
     $vars->{'flag_type'} = $flag_type;
+    delete_token($token);
 
     # Return the appropriate HTTP response headers.
     print $cgi->header();

editgroups.cgi

@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Group;
 use Bugzilla::Product;
 use Bugzilla::User;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,7 @@ $user->in_group('creategroups')
                                      object => "groups"});
 
 my $action = trim($cgi->param('action') || '');
+my $token  = $cgi->param('token');
 
 # Add missing entries in bug_group_map for bugs created while
 # a mandatory group was disabled and which is now enabled again.
@@ -220,6 +222,7 @@ if ($action eq 'changeform') {
     $vars->{'isactive'}    = $isactive;
     $vars->{'isbuggroup'}  = $isbuggroup;
     $vars->{'groups'}      = \@groups;
+    $vars->{'token'}       = issue_session_token('edit_group');
 
     print $cgi->header();
     $template->process("admin/groups/edit.html.tmpl", $vars)
@@ -235,6 +238,7 @@ if ($action eq 'changeform') {
 #
 
 if ($action eq 'add') {
+    $vars->{'token'} = issue_session_token('add_group');
     print $cgi->header();
     $template->process("admin/groups/create.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -249,6 +253,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
+    check_token_data($token, 'add_group');
     # Check that a not already used group name is given, that
     # a description is also given and check if the regular
     # expression is valid (if any).
@@ -284,6 +289,7 @@ if ($action eq 'new') {
                   undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
     }
     Bugzilla::Group::RederiveRegexp($regexp, $gid);
+    delete_token($token);
 
     print $cgi->header();
     $template->process("admin/groups/created.html.tmpl", $vars)
@@ -356,6 +362,7 @@ if ($action eq 'del') {
     $vars->{'hasflags'}       = $hasflags;
     $vars->{'shared_queries'} = $shared_queries;
     $vars->{'buglist'}        = $buglist;
+    $vars->{'token'}          = issue_session_token('delete_group');
 
     print $cgi->header();
     $template->process("admin/groups/delete.html.tmpl", $vars)
@@ -369,6 +376,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
+    check_token_data($token, 'delete_group');
     # Check that an existing group ID is given
     my $gid = CheckGroupID($cgi->param('group'));
     my ($name, $isbuggroup) =
@@ -455,6 +463,8 @@ if ($action eq 'delete') {
     $dbh->do('DELETE FROM groups WHERE id = ?',
               undef, $gid);
 
+    delete_token($token);
+
     print $cgi->header();
     $template->process("admin/groups/deleted.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -467,6 +477,7 @@ if ($action eq 'delete') {
 #
 
 if ($action eq 'postchanges') {
+    check_token_data($token, 'edit_group');
     # ZLL: Bug 181589: we need to have something to remove explicitly listed users from
     # groups in order for the conversion to 2.18 groups to work
     my $action;
@@ -488,7 +499,8 @@ if ($action eq 'postchanges') {
     if ($action == 2) {
         $vars->{'regexp'} = $regexp;
     }
-    
+    delete_token($token);
+
     print $cgi->header();
     $template->process("admin/groups/change.html.tmpl", $vars)
       || ThrowTemplateError($template->error());

editkeywords.cgi

@@ -28,6 +28,7 @@ use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Keyword;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -49,6 +50,8 @@ $user->in_group('editkeywords')
 
 my $action = trim($cgi->param('action')  || '');
 my $key_id = $cgi->param('id');
+my $token  = $cgi->param('token');
+
 $vars->{'action'} = $action;
 
 
@@ -64,6 +67,8 @@ if ($action eq "") {
     
 
 if ($action eq 'add') {
+    $vars->{'token'} = issue_session_token('add_keyword');
+
     print $cgi->header();
 
     $template->process("admin/keywords/create.html.tmpl", $vars)
@@ -76,12 +81,15 @@ if ($action eq 'add') {
 # action='new' -> add keyword entered in the 'action=add' screen
 #
 if ($action eq 'new') {
+    check_token_data($token, 'add_keyword');
     my $name = $cgi->param('name') || '';
     my $desc = $cgi->param('description')  || '';
 
     my $keyword = Bugzilla::Keyword->create(
         { name => $name, description => $desc });
 
+    delete_token($token);
+
     print $cgi->header();
 
     $vars->{'name'} = $keyword->name;
@@ -104,6 +112,7 @@ if ($action eq 'edit') {
         || ThrowCodeError('invalid_keyword_id', { id => $key_id });
 
     $vars->{'keyword'} = $keyword;
+    $vars->{'token'} = issue_session_token('edit_keyword');
 
     print $cgi->header();
     $template->process("admin/keywords/edit.html.tmpl", $vars)
@@ -117,6 +126,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
+    check_token_data($token, 'edit_keyword');
     my $keyword = new Bugzilla::Keyword($key_id)
         || ThrowCodeError('invalid_keyword_id', { id => $key_id });
 
@@ -124,6 +134,8 @@ if ($action eq 'update') {
     $keyword->set_description($cgi->param('description'));
     $keyword->update();
 
+    delete_token($token);
+
     print $cgi->header();
 
     $vars->{'keyword'} = $keyword;
@@ -140,16 +152,25 @@ if ($action eq 'delete') {
 
     $vars->{'keyword'} = $keyword;
 
+    # We need this token even if there is no bug using this keyword.
+    $token = issue_session_token('delete_keyword');
+
     if (!$cgi->param('reallydelete') && $keyword->bug_count) {
+        $vars->{'token'} = $token;
+
         print $cgi->header();
         $template->process("admin/keywords/confirm-delete.html.tmpl", $vars)
             || ThrowTemplateError($template->error());
         exit;
     }
+    # We cannot do this check earlier as we have to check 'reallydelete' first.
+    check_token_data($token, 'delete_keyword');
 
     $dbh->do('DELETE FROM keywords WHERE keywordid = ?', undef, $keyword->id);
     $dbh->do('DELETE FROM keyworddefs WHERE id = ?', undef, $keyword->id);
 
+    delete_token($token);
+
     print $cgi->header();
 
     $template->process("admin/keywords/rebuild-cache.html.tmpl", $vars)

editmilestones.cgi

@@ -26,6 +26,7 @@ use Bugzilla::Error;
 use Bugzilla::Product;
 use Bugzilla::Milestone;
 use Bugzilla::Bug;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -54,6 +55,7 @@ my $milestone_name = trim($cgi->param('milestone')   || '');
 my $sortkey        = trim($cgi->param('sortkey')     || 0);
 my $action         = trim($cgi->param('action')      || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token          = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of products
@@ -101,7 +103,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
-
+    $vars->{'token'} = issue_session_token('add_milestone');
     $vars->{'product'} = $product;
     $template->process("admin/milestones/create.html.tmpl",
                        $vars)
@@ -117,7 +119,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_milestone');
     $milestone_name || ThrowUserError('milestone_blank_name');
 
     if (length($milestone_name) > 20) {
@@ -145,6 +147,8 @@ if ($action eq 'new') {
 
     $milestone = new Bugzilla::Milestone($product->id,
                                          $milestone_name);
+    delete_token($token);
+
     $vars->{'milestone'} = $milestone;
     $vars->{'product'} = $product;
     $template->process("admin/milestones/created.html.tmpl",
@@ -174,6 +178,7 @@ if ($action eq 'del') {
     if ($product->default_milestone eq $milestone->name) {
         ThrowUserError("milestone_is_default", $vars);
     }
+    $vars->{'token'} = issue_session_token('delete_milestone');
 
     $template->process("admin/milestones/confirm-delete.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -187,7 +192,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
-
+    check_token_data($token, 'delete_milestone');
     my $milestone =
         Bugzilla::Milestone::check_milestone($product,
                                              $milestone_name);
@@ -223,6 +228,8 @@ if ($action eq 'delete') {
     $dbh->do("DELETE FROM milestones WHERE product_id = ? AND value = ?",
              undef, ($product->id, $milestone->name));
 
+    delete_token($token);
+
     $template->process("admin/milestones/deleted.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
     exit;
@@ -244,6 +251,7 @@ if ($action eq 'edit') {
 
     $vars->{'milestone'} = $milestone;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('edit_milestone');
 
     $template->process("admin/milestones/edit.html.tmpl",
                        $vars)
@@ -259,7 +267,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_milestone');
     my $milestone_old_name = trim($cgi->param('milestoneold') || '');
     my $milestone_old =
         Bugzilla::Milestone::check_milestone($product,
@@ -338,6 +346,8 @@ if ($action eq 'update') {
     my $milestone =
         Bugzilla::Milestone::check_milestone($product,
                                              $milestone_name);
+    delete_token($token);
+
     $vars->{'milestone'} = $milestone;
     $vars->{'product'} = $product;
     $template->process("admin/milestones/updated.html.tmpl",

editparams.cgi

@@ -31,6 +31,7 @@ use Bugzilla::Config qw(:admin);
 use Bugzilla::Config::Common;
 use Bugzilla::Util;
 use Bugzilla::Error;
+use Bugzilla::Token;
 
 my $user = Bugzilla->login(LOGIN_REQUIRED);
 my $cgi = Bugzilla->cgi;
@@ -45,6 +46,7 @@ $user->in_group('tweakparams')
                                      object => "parameters"});
 
 my $action = trim($cgi->param('action') || '');
+my $token  = $cgi->param('token');
 my $current_panel = $cgi->param('section') || 'core';
 $current_panel =~ /^([A-Za-z0-9_-]+)$/;
 $current_panel = $1;
@@ -66,6 +68,7 @@ foreach my $panel (Bugzilla::Config::param_panels()) {
 $vars->{panels} = \@panels;
 
 if ($action eq 'save' && $current_module) {
+    check_token_data($token, 'edit_parameters');
     my @changes = ();
     my @module_param_list = "Bugzilla::Config::${current_module}"->get_param_list(1);
 
@@ -125,7 +128,10 @@ if ($action eq 'save' && $current_module) {
     $vars->{'param_changed'} = \@changes;
 
     write_params();
+    delete_token($token);
 }
 
+$vars->{'token'} = issue_session_token('edit_parameters');
+
 $template->process("admin/params/editparams.html.tmpl", $vars)
     || ThrowTemplateError($template->error());

editproducts.cgi

@@ -47,6 +47,7 @@ use Bugzilla::Milestone;
 use Bugzilla::Group;
 use Bugzilla::User;
 use Bugzilla::Field;
+use Bugzilla::Token;
 
 #
 # Preliminary checks:
@@ -74,6 +75,7 @@ my $classification_name = trim($cgi->param('classification') || '');
 my $product_name = trim($cgi->param('product') || '');
 my $action  = trim($cgi->param('action')  || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of classifications (if
@@ -128,12 +130,13 @@ if (!$action && !$product_name) {
 #
 
 if ($action eq 'add') {
-
     if (Bugzilla->params->{'useclassification'}) {
         my $classification = 
             Bugzilla::Classification::check_classification($classification_name);
         $vars->{'classification'} = $classification;
     }
+    $vars->{'token'} = issue_session_token('add_product');
+
     $template->process("admin/products/create.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 
@@ -146,7 +149,7 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_product');
     # Cleanups and validity checks
 
     my $classification_id = 1;
@@ -306,6 +309,8 @@ if ($action eq 'new') {
             $series->writeToDatabase();
         }
     }
+    delete_token($token);
+
     $vars->{'product'} = $product;
 
     $template->process("admin/products/created.html.tmpl", $vars)
@@ -339,6 +344,7 @@ if ($action eq 'del') {
     }
 
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('delete_product');
 
     $template->process("admin/products/confirm-delete.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
@@ -350,6 +356,7 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
+    check_token_data($token, 'delete_product');
     # First make sure the product name is valid.
     my $product = Bugzilla::Product::check_product($product_name);
 
@@ -413,6 +420,8 @@ if ($action eq 'delete') {
 
     $dbh->bz_unlock_tables();
 
+    delete_token($token);
+
     $template->process("admin/products/deleted.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
     exit;
@@ -467,9 +476,9 @@ if ($action eq 'edit' || (!$action && $product_name)) {
         }
     }
     $vars->{'group_controls'} = $group_controls;
-
     $vars->{'product'} = $product;
-        
+    $vars->{'token'} = issue_session_token('edit_product');
+
     $template->process("admin/products/edit.html.tmpl", $vars)
         || ThrowTemplateError($template->error());
 
@@ -481,6 +490,7 @@ if ($action eq 'edit' || (!$action && $product_name)) {
 #
 
 if ($action eq 'updategroupcontrols') {
+    check_token_data($token, 'edit_group_controls');
     # First make sure the product name is valid.
     my $product = Bugzilla::Product::check_product($product_name);
 
@@ -722,10 +732,10 @@ if ($action eq 'updategroupcontrols') {
     }
     $dbh->bz_unlock_tables();
 
-    $vars->{'removed_na'} = \@removed_na;
+    delete_token($token);
 
+    $vars->{'removed_na'} = \@removed_na;
     $vars->{'added_mandatory'} = \@added_mandatory;
-
     $vars->{'product'} = $product;
 
     $template->process("admin/products/groupcontrol/updated.html.tmpl", $vars)
@@ -737,7 +747,7 @@ if ($action eq 'updategroupcontrols') {
 # action='update' -> update the product
 #
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_product');
     my $product_old_name    = trim($cgi->param('product_old_name')    || '');
     my $description         = trim($cgi->param('description')         || '');
     my $disallownew         = trim($cgi->param('disallownew')         || '');
@@ -980,6 +990,7 @@ if ($action eq 'update') {
         $vars->{'confirmedbugs'} = \@updated_bugs;
         $vars->{'changer'} = $user->login;
     }
+    delete_token($token);
 
     $vars->{'old_product'} = $product_old;
     $vars->{'product'} = $product;
@@ -1022,6 +1033,7 @@ if ($action eq 'editgroupcontrols') {
 
     $vars->{'product'} = $product;
     $vars->{'groups'} = $groups;
+    $vars->{'token'} = issue_session_token('edit_group_controls');
 
     $vars->{'const'} = {
         'CONTROLMAPNA' => CONTROLMAPNA,

editsettings.cgi

@@ -24,6 +24,7 @@ use Bugzilla::Constants;
 use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User::Setting;
+use Bugzilla::Token;
 
 my $template = Bugzilla->template;
 local our $vars = {};
@@ -79,9 +80,12 @@ $user->in_group('tweakparams')
                                      object => "settings"});
 
 my $action  = trim($cgi->param('action')  || 'load');
+my $token   = $cgi->param('token');
 
 if ($action eq 'update') {
+    check_token_data($token, 'edit_settings');
     SaveSettings();
+    delete_token($token);
     $vars->{'changes_saved'} = 1;
 
     $template->process("admin/settings/updated.html.tmpl", $vars)
@@ -92,6 +96,7 @@ if ($action eq 'update') {
 
 if ($action eq 'load') {
     LoadSettings();
+    $vars->{'token'} = issue_session_token('edit_settings');
 
     $template->process("admin/settings/edit.html.tmpl", $vars)
       || ThrowTemplateError($template->error());

editusers.cgi

@@ -33,6 +33,7 @@ use Bugzilla::BugMail;
 use Bugzilla::Flag;
 use Bugzilla::Field;
 use Bugzilla::Group;
+use Bugzilla::Token;
 
 my $user = Bugzilla->login(LOGIN_REQUIRED);
 
@@ -57,6 +58,7 @@ print $cgi->header();
 my $action         = $cgi->param('action') || 'search';
 my $otherUserID    = $cgi->param('userid');
 my $otherUserLogin = $cgi->param('user');
+my $token          = $cgi->param('token');
 
 # Prefill template vars with data used in all or nearly all templates
 $vars->{'editusers'} = $editusers;
@@ -183,6 +185,8 @@ if ($action eq 'search') {
                                                   action => "add",
                                                   object => "users"});
 
+    $vars->{'token'} = issue_session_token('add_user');
+
     $template->process('admin/users/create.html.tmpl', $vars)
        || ThrowTemplateError($template->error());
 
@@ -192,6 +196,8 @@ if ($action eq 'search') {
                                                   action => "add",
                                                   object => "users"});
 
+    check_token_data($token, 'add_user');
+
     my $new_user = Bugzilla::User->create({
         login_name    => scalar $cgi->param('login'),
         cryptpassword => scalar $cgi->param('password'),
@@ -201,6 +207,10 @@ if ($action eq 'search') {
 
     userDataToVars($new_user->id);
 
+    delete_token($token);
+
+    # We already display the updated page. We have to recreate a token now.
+    $vars->{'token'} = issue_session_token('edit_user');
     $vars->{'message'} = 'account_created';
     $template->process('admin/users/edit.html.tmpl', $vars)
        || ThrowTemplateError($template->error());
@@ -212,6 +222,7 @@ if ($action eq 'search') {
 
 ###########################################################################
 } elsif ($action eq 'update') {
+    check_token_data($token, 'edit_user');
     my $otherUser = check_user($otherUserID, $otherUserLogin);
     $otherUserID = $otherUser->id;
 
@@ -388,6 +399,7 @@ if ($action eq 'search') {
 
     # XXX: userDataToVars may be off when editing ourselves.
     userDataToVars($otherUserID);
+    delete_token($token);
 
     $vars->{'message'} = 'account_updated';
     $vars->{'loginold'} = $otherUser->login;
@@ -396,6 +408,9 @@ if ($action eq 'search') {
     $vars->{'groups_removed_from'} = \@groupsRemovedFrom;
     $vars->{'groups_granted_rights_to_bless'} = \@groupsGrantedRightsToBless;
     $vars->{'groups_denied_rights_to_bless'} = \@groupsDeniedRightsToBless;
+    # We already display the updated page. We have to recreate a token now.
+    $vars->{'token'} = issue_session_token('edit_user');
+
     $template->process('admin/users/edit.html.tmpl', $vars)
        || ThrowTemplateError($template->error());
 
@@ -479,12 +494,14 @@ if ($action eq 'search') {
            AND mailto_type = ?
           },
         undef, ($otherUserID, MAILTO_USER));
+    $vars->{'token'} = issue_session_token('delete_user');
 
     $template->process('admin/users/confirm-delete.html.tmpl', $vars)
        || ThrowTemplateError($template->error());
 
 ###########################################################################
 } elsif ($action eq 'delete') {
+    check_token_data($token, 'delete_user');
     my $otherUser = check_user($otherUserID, $otherUserLogin);
     $otherUserID = $otherUser->id;
 
@@ -707,6 +724,7 @@ if ($action eq 'search') {
     $dbh->do('DELETE FROM profiles WHERE userid = ?', undef, $otherUserID);
 
     $dbh->bz_unlock_tables();
+    delete_token($token);
 
     $vars->{'message'} = 'account_deleted';
     $vars->{'otheruser'}{'login'} = $otherUser->login;
@@ -857,6 +875,7 @@ sub edit_processing {
                                            object => "user"});
 
     userDataToVars($otherUser->id);
+    $vars->{'token'} = issue_session_token('edit_user');
 
     $template->process('admin/users/edit.html.tmpl', $vars)
        || ThrowTemplateError($template->error());

editvalues.cgi

@@ -26,6 +26,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Constants;
 use Bugzilla::Config qw(:admin);
+use Bugzilla::Token;
 
 # List of different tables that contain the changeable field values
 # (the old "enums.") Keep them in alphabetical order by their 
@@ -121,6 +122,7 @@ my $field   = trim($cgi->param('field')   || '');
 my $value   = trim($cgi->param('value')   || '');
 my $sortkey = trim($cgi->param('sortkey') || '0');
 my $action  = trim($cgi->param('action')  || '');
+my $token   = $cgi->param('token');
 
 # Gives the name of the parameter associated with the field
 # and representing its default value.
@@ -186,6 +188,7 @@ if ($action eq 'add') {
 
     $vars->{'value'} = $value;
     $vars->{'field'} = $field;
+    $vars->{'token'} = issue_session_token('add_field_value');
     $template->process("admin/fieldvalues/create.html.tmpl",
                        $vars)
       || ThrowTemplateError($template->error());
@@ -198,6 +201,7 @@ if ($action eq 'add') {
 # action='new' -> add field value entered in the 'action=add' screen
 #
 if ($action eq 'new') {
+    check_token_data($token, 'add_field_value');
     FieldMustExist($field);
     trick_taint($field);
 
@@ -228,6 +232,8 @@ if ($action eq 'new') {
                              VALUES ( ?, ? )");
     $sth->execute($value, $sortkey);
 
+    delete_token($token);
+
     $vars->{'value'} = $value;
     $vars->{'field'} = $field;
     $template->process("admin/fieldvalues/created.html.tmpl",
@@ -262,6 +268,7 @@ if ($action eq 'del') {
     if (lsearch($static{$field}, $value) >= 0) {
         ThrowUserError('fieldvalue_not_deletable', $vars);
     }
+    $vars->{'token'} = issue_session_token('delete_field_value');
 
     $template->process("admin/fieldvalues/confirm-delete.html.tmpl",
                        $vars)
@@ -275,6 +282,7 @@ if ($action eq 'del') {
 # action='delete' -> really delete the field value
 #
 if ($action eq 'delete') {
+    check_token_data($token, 'delete_field_value');
     ValueMustExist($field, $value);
 
     $vars->{'value'} = $value;
@@ -311,6 +319,7 @@ if ($action eq 'delete') {
     $dbh->do("DELETE FROM $field WHERE value = ?", undef, $value);
 
     $dbh->bz_unlock_tables();
+    delete_token($token);
 
     $template->process("admin/fieldvalues/deleted.html.tmpl",
                        $vars)
@@ -334,6 +343,7 @@ if ($action eq 'edit') {
     $vars->{'value'} = $value;
     $vars->{'field'} = $field;
     $vars->{'is_static'} = (lsearch($static{$field}, $value) >= 0) ? 1 : 0;
+    $vars->{'token'} = issue_session_token('edit_field_value');
 
     $template->process("admin/fieldvalues/edit.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -346,6 +356,7 @@ if ($action eq 'edit') {
 # action='update' -> update the field value
 #
 if ($action eq 'update') {
+    check_token_data($token, 'edit_field_value');
     my $valueold   = trim($cgi->param('valueold')   || '');
     my $sortkeyold = trim($cgi->param('sortkeyold') || '0');
 
@@ -420,6 +431,7 @@ if ($action eq 'update') {
         write_params();
         $vars->{'default_value_updated'} = 1;
     }
+    delete_token($token);
 
     $template->process("admin/fieldvalues/updated.html.tmpl",
                        $vars)

editversions.cgi

@@ -37,6 +37,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::Product;
 use Bugzilla::Version;
+use Bugzilla::Token;
 
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -63,6 +64,7 @@ my $product_name = trim($cgi->param('product') || '');
 my $version_name = trim($cgi->param('version') || '');
 my $action       = trim($cgi->param('action')  || '');
 my $showbugcounts = (defined $cgi->param('showbugcounts'));
+my $token        = $cgi->param('token');
 
 #
 # product = '' -> Show nice list of products
@@ -108,7 +110,7 @@ unless ($action) {
 #
 
 if ($action eq 'add') {
-
+    $vars->{'token'} = issue_session_token('add_version');
     $vars->{'product'} = $product;
     $template->process("admin/versions/create.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -123,8 +125,9 @@ if ($action eq 'add') {
 #
 
 if ($action eq 'new') {
-
+    check_token_data($token, 'add_version');
     my $version = Bugzilla::Version::create($version_name, $product);
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
@@ -149,6 +152,7 @@ if ($action eq 'del') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('delete_version');
     $template->process("admin/versions/confirm-delete.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
 
@@ -162,9 +166,10 @@ if ($action eq 'del') {
 #
 
 if ($action eq 'delete') {
-
+    check_token_data($token, 'delete_version');
     my $version = Bugzilla::Version::check_version($product, $version_name);
     $version->remove_from_db;
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
@@ -189,6 +194,7 @@ if ($action eq 'edit') {
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;
+    $vars->{'token'} = issue_session_token('edit_version');
 
     $template->process("admin/versions/edit.html.tmpl", $vars)
       || ThrowTemplateError($template->error());
@@ -203,7 +209,7 @@ if ($action eq 'edit') {
 #
 
 if ($action eq 'update') {
-
+    check_token_data($token, 'edit_version');
     my $version_old_name = trim($cgi->param('versionold') || '');
     my $version =
         Bugzilla::Version::check_version($product, $version_old_name);
@@ -213,6 +219,7 @@ if ($action eq 'update') {
     $vars->{'updated'} = $version->update($version_name, $product);
 
     $dbh->bz_unlock_tables();
+    delete_token($token);
 
     $vars->{'version'} = $version;
     $vars->{'product'} = $product;

editwhines.cgi

@@ -35,6 +35,7 @@ use Bugzilla::Util;
 use Bugzilla::Error;
 use Bugzilla::User;
 use Bugzilla::Group;
+use Bugzilla::Token;
 
 # require the user to have logged in
 my $user = Bugzilla->login(LOGIN_REQUIRED);
@@ -49,7 +50,7 @@ my $vars     = {};
 my $dbh      = Bugzilla->dbh;
 
 my $userid   = $user->id;
-
+my $token    = $cgi->param('token');
 my $sth; # database statement handle
 
 # $events is a hash ref, keyed by event id, that stores the active user's
@@ -86,6 +87,8 @@ my $can_mail_others = Bugzilla->user->in_group('bz_canusewhineatothers');
 # removed, then what was altered.
 
 if ($cgi->param('update')) {
+    check_token_data($token, 'edit_whine');
+
     if ($cgi->param("add_event")) {
         # we create a new event
         $sth = $dbh->prepare("INSERT INTO whine_events " .
@@ -349,6 +352,7 @@ if ($cgi->param('update')) {
             }
         }
     }
+    delete_token($token);
 }
 
 $vars->{'mail_others'} = $can_mail_others;
@@ -436,6 +440,7 @@ $vars->{'available_queries'} = [];
 while (my ($query) = $sth->fetchrow_array) {
     push @{$vars->{'available_queries'}}, $query;
 }
+$vars->{'token'} = issue_session_token('edit_whine');
 
 $template->process("whine/schedule.html.tmpl", $vars)
   || ThrowTemplateError($template->error());

enter_bug.cgi

@@ -335,7 +335,7 @@ $vars->{'qa_contact_disabled'}  = !Bugzilla->user->in_group('editbugs');
 
 $vars->{'cloned_bug_id'}         = $cloned_bug_id;
 
-$vars->{'token'}             = Bugzilla::Token::IssueSessionToken('createbug:');
+$vars->{'token'}             = issue_session_token('createbug:');
 
 
 my @enter_bug_fields = Bugzilla->get_fields({ custom => 1, obsolete => 0, 

relogin.cgi

@@ -60,7 +60,7 @@ if ($action eq 'prepare-sudo') {
     }
 
     # Keep a temporary record of the user visiting this page
-    $vars->{'token'} = Bugzilla::Token::IssueSessionToken('sudo_prepared');
+    $vars->{'token'} = issue_session_token('sudo_prepared');
 
     # Show the sudo page
     $vars->{'target_login_default'} = $cgi->param('target_login');
@@ -121,7 +121,7 @@ elsif ($action eq 'begin-sudo') {
                        { target_login => scalar $cgi->param('target_login'),
                                reason => scalar $cgi->param('reason')});
     }
-    Bugzilla::Token::DeleteToken($cgi->param('token'));
+    delete_token($cgi->param('token'));
 
     # Get & verify the target user (the user who we will be impersonating)
     my $target_user = 

skins/standard/global.css

@@ -289,3 +289,11 @@ span.quote {
 }
 
 table#flags th, table#flags td { vertical-align: baseline; text-align: left; }
+
+.throw_error {
+    background-color: #ff0000;
+    color: black;
+    font-size: 120%;
+    margin: 1em;
+    padding: 0.5em 1em;
+}

template/en/default/admin/classifications/add.html.tmpl

@@ -49,6 +49,7 @@
   <hr>
   <input type=submit value="Add">
   <input type=hidden name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </FORM>
 
 <p>Back to the <a href="./">main [% terms.bugs %] page</a>

template/en/default/admin/classifications/del.html.tmpl

@@ -56,6 +56,7 @@
   <input type=submit value="Yes, delete">
   <input type=hidden name="action" value="delete">
   <input type=hidden name="classification" value="[% classification.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>Back to the <a href="./">main [% terms.bugs %] page</a>

template/en/default/admin/classifications/edit.html.tmpl

@@ -77,6 +77,7 @@
   <input type=hidden name="classificationold" 
          value="[% classification.name FILTER html %]">
   <input type=hidden name="action" value="update">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type=submit value="Update">
 </form>
 

template/en/default/admin/classifications/reclassify.html.tmpl

@@ -82,6 +82,7 @@
 
   <input type=hidden name="action" value="reclassify">
   <input type=hidden name="classification" value="[% classification.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>Back to the <a href="./">main [% terms.bugs %] page</a>,

template/en/default/admin/components/confirm-delete.html.tmpl

@@ -150,6 +150,7 @@
   <input type="hidden" name="action" value="delete">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
   <input type="hidden" name="component" value="[% comp.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   </form>
 
 [% END %]

template/en/default/admin/components/create.html.tmpl

@@ -102,7 +102,7 @@
   <input type="hidden" name='open_name' value='All Open'>
   <input type="hidden" name='nonopen_name' value='All Closed'>
   <input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 [% PROCESS admin/components/footer.html.tmpl %]

template/en/default/admin/components/edit.html.tmpl

@@ -119,6 +119,7 @@
    <input type="hidden" name="action" value="update">
    <input type="hidden" name="componentold" value="[% comp.name FILTER html %]">
    <input type="hidden" name="product" value="[% product.name FILTER html %]">
+   <input type="hidden" name="token" value="[% token FILTER html %]">
    <input type="submit" value="Update" id="update"> or <a 
         href="editcomponents.cgi?action=del&amp;product=
         [%- product.name FILTER url_quote %]&amp;component=

template/en/default/admin/confirm-action.html.tmpl

+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+  # License Version 1.1 (the "License"); you may not use this file
+  # except in compliance with the License. You may obtain a copy of
+  # the License at http://www.mozilla.org/MPL/
+  #
+  # Software distributed under the License is distributed on an "AS
+  # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+  # implied. See the License for the specific language governing
+  # rights and limitations under the License.
+  #
+  # The Original Code is the Bugzilla Bug Tracking System.
+  #
+  # The Initial Developer of the Original Code is Frédéric Buclin.
+  #
+  # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+  #%]
+
+[%# INTERFACE:
+  # abuser: identity of the user who created the (invalid?) token.
+  # token_action: the action the token was supposed to serve.
+  # expected_action: the action the user was going to do.
+  # script_name: the script generating this warning.
+  #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl title = "Suspicious Action"
+                                   style_urls = ['skins/standard/global.css'] %]
+
+[% IF abuser %]
+  <div class="throw_error">
+    <p>When you view an administrative form in [% terms.Bugzilla %], a token string
+    is randomly generated and stored both in the database and in the form you loaded,
+    to make sure that the requested changes are being made as a result of submitting
+    a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
+    is incorrect, meaning that it looks like you didn't come from the right page.
+    The following token has been used :</p>
+
+    <table border="0" cellpadding="5" cellspacing="0">
+      [% IF token_action != expected_action %]
+        <tr>
+          <th>Action&nbsp;stored:</th>
+          <td>[% token_action FILTER html %]</td>
+        </tr>
+        <tr>
+          <th>&nbsp;</th>
+          <td>
+            This action doesn't match the one expected ([% expected_action FILTER html %]).
+          </td>
+        </tr>
+      [% END %]
+
+      [% IF abuser != user.identity %]
+        <tr>
+          <th>Generated&nbsp;by:</th>
+          <td>[% abuser FILTER html %]</td>
+        </tr>
+        <tr>
+          <th>&nbsp;</th>
+          <td>
+            This token has not been generated by you. It is possible that someone
+            tried to trick you!
+          </td>
+        </tr>
+      [% END %]
+    </table>
+
+    <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
+  </div>
+[% ELSE %]
+  <div class="throw_error">
+    It looks like you didn't come from the right page (you have no valid token for
+    the <em>[% expected_action FILTER html %]</em> action while processing the
+    '[% script_name FILTER html%]' script). The reason could be one of:<br>
+    <ul>
+      <li>You clicked the "Back" button of your web browser after having successfully
+      submitted changes, which is generally not a good idea (but harmless).</li>
+      <li>You entered the URL in the address bar of your web browser directly,
+      which should be safe.</li>
+      <li>You clicked on a URL which redirected you here <b>without your consent</b>,
+      in which case this action is much more critical.</li>
+    </ul>
+    Are you sure you want to commit these changes anyway? This may result in
+    unexpected and undesired results.
+  </div>
+
+  <form name="check" id="check" method="post" action="[% script_name FILTER html %]">
+    [% PROCESS "global/hidden-fields.html.tmpl"
+               exclude="^(Bugzilla_login|Bugzilla_password)$" %]
+    <input type="submit" id="confirm" value="Confirm Changes">
+  </form>
+  <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]">
+    [%- script_name FILTER html %]</a>.</p>
+[% END %]
+
+[% PROCESS global/footer.html.tmpl %]

template/en/default/admin/custom_fields/create.html.tmpl

@@ -102,6 +102,7 @@
   </table>
   <br>
   <input type="hidden" name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="create" value="Create">
 </form>
 

template/en/default/admin/custom_fields/edit.html.tmpl

@@ -98,6 +98,7 @@
   <br>
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="name" value="[% field.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="edit" value="Submit">
 </form>
 

template/en/default/admin/fieldvalues/confirm-delete.html.tmpl

@@ -111,6 +111,7 @@
     <input type="hidden" name="action" value="delete">
     <input type="hidden" name="field" value="[% field FILTER html %]">
     <input type="hidden" name="value" value="[% value FILTER html %]">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
   </form>
 
 [% END %]

template/en/default/admin/fieldvalues/create.html.tmpl

@@ -42,7 +42,7 @@
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
   <input type="hidden" name='field' value="[% field FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>

template/en/default/admin/fieldvalues/edit.html.tmpl

@@ -55,8 +55,8 @@
   <input type="hidden" name="sortkeyold" value="[% sortkey FILTER html %]">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="field" value="[% field FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="update" value="Update">
-
 </form>
 
 <p>

template/en/default/admin/flag-type/confirm-delete.html.tmpl

@@ -21,18 +21,16 @@
 
 [% PROCESS global/variables.none.tmpl %]
 
-[%# Filter off the name here to be used multiple times below %]
-[% name = BLOCK %][% flag_type.name FILTER html %][% END %]
+[% title = BLOCK %]Confirm Deletion of Flag Type '[% flag_type.name FILTER html %]'[% END %]
 
-[% PROCESS global/header.html.tmpl
-  title = "Confirm Deletion of Flag Type '$name'"
-%]
+[% PROCESS global/header.html.tmpl title = title %]
 
 <p>
-   There are [% flag_type.flag_count %] flags of type [% name FILTER html %].
+   There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %].
    If you delete this type, those flags will also be deleted.  Note that
    instead of deleting the type you can
-   <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]">deactivate it</a>,
+   <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]&amp;token=
+           [%- token FILTER html %]">deactivate it</a>,
    in which case the type and its flags will remain in the database
    but will not appear in the [% terms.Bugzilla %] UI.
 </p>
@@ -45,8 +43,8 @@
    </tr>
    <tr>
       <td>
-         <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]">
-            Yes, delete
+         <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]&amp;token=
+                 [%- token FILTER html %]">Yes, delete
          </a>
       </td>
       <td align="right">

template/en/default/admin/flag-type/edit.html.tmpl

@@ -53,6 +53,7 @@
 <form method="post" action="editflagtypes.cgi">
   <input type="hidden" name="action" value="[% action %]">
   <input type="hidden" name="id" value="[% type.id %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="hidden" name="target_type" value="[% type.target_type %]">
   [% FOREACH category = type.inclusions %]
     <input type="hidden" name="inclusions" value="[% category.value FILTER html %]">

template/en/default/admin/flag-type/list.html.tmpl

@@ -101,25 +101,6 @@
   <a href="editflagtypes.cgi?action=enter&amp;target_type=attachment">Create Flag Type For Attachments</a>
 </p>
 
-<script type="text/javascript">
-  <!--
-  function confirmDelete(id, name, count)
-  {
-    if (count > 0) {
-        var msg = 'There are ' + count + ' flags of type ' + name + '. ' +
-                  'If you delete this type, those flags will also be ' +
-                  'deleted.\n\nNote: to deactivate the type instead ' +
-                  'of deleting it, edit it and uncheck its "is active" ' +
-                  'flag.\n\nDo you really want to delete this flag type?';
-        if (!confirm(msg)) return false;
-    }
-    location.href = "editflagtypes.cgi?action=delete&id=" + id;
-    return false; // prevent strict JavaScript warning that this function
-                  // does not always return a value
-  }
-  //-->
-</script>
-
 [% PROCESS global/footer.html.tmpl %]
 
 
@@ -157,9 +138,7 @@
         <td>[% IF type.request_group %][% type.request_group.name FILTER html %][% END %]</td>
         <td>
           <a href="editflagtypes.cgi?action=copy&amp;id=[% type.id %]">Copy</a>
-          | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]"
-               onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]',
-                                             [% type.flag_count %]);">Delete</a>
+          | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]">Delete</a>
         </td>
       </tr>
 

template/en/default/admin/groups/create.html.tmpl

@@ -49,6 +49,7 @@
     Insert new group into all existing products.<p>
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p><b>Name</b> is what is used with the B<!-- blah -->ugzilla->user->in_group()

template/en/default/admin/groups/delete.html.tmpl

@@ -123,6 +123,7 @@
   <p><input type="submit" id="delete" value="Yes, delete">
   <input type="hidden" name="action" value="delete">
   <input type="hidden" name="group" value="[% gid FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 Go back to the <a href="editgroups.cgi">group list</a>.

template/en/default/admin/groups/edit.html.tmpl

@@ -214,6 +214,7 @@
 
   <input type="hidden" name="action" value="postchanges">
   <input type="hidden" name="group" value="[% group_id FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 Back to the <a href="editgroups.cgi">group list</a>.

template/en/default/admin/keywords/confirm-delete.html.tmpl

@@ -45,6 +45,7 @@
   <input type="hidden" name="id" value="[% keyword.id FILTER html %]">
   <input type="hidden" name="action" value="delete">
   <input type="hidden" name="reallydelete" value="1">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="delete"
          value="Yes, really delete the keyword">
 </form>

template/en/default/admin/keywords/create.html.tmpl

@@ -51,6 +51,7 @@
   <input type="hidden" name="id" value="-1">
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p><a href="editkeywords.cgi">Edit other keywords</a>.</p>

template/en/default/admin/keywords/edit.html.tmpl

@@ -66,6 +66,7 @@
   <input type="submit" id="update" value="Update">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="id" value="[% keyword.id FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p><a href="editkeywords.cgi">Edit other keywords</a>.</p>

template/en/default/admin/milestones/confirm-delete.html.tmpl

@@ -90,6 +90,7 @@
   <input type="hidden" name="action" value="delete">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
   <input type="hidden" name="milestone" value="[% milestone.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 [% PROCESS admin/milestones/footer.html.tmpl %]

template/en/default/admin/milestones/create.html.tmpl

@@ -49,7 +49,7 @@
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
   <input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>

template/en/default/admin/milestones/edit.html.tmpl

@@ -55,7 +55,7 @@
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
   <input type="submit" id="update" value="Update">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>

template/en/default/admin/params/editparams.html.tmpl

@@ -99,6 +99,7 @@
           [% PROCESS admin/params/common.html.tmpl panel = current_panel %]
           <input type="hidden" name="section" value="[% current_panel.name FILTER html %]">
           <input type="hidden" name="action" value="save">
+          <input type="hidden" name="token" value="[% token FILTER html %]">
           <input type="reset" value="Reset form">
           <input type="submit" name="action" value="Save Changes">
         </form>

template/en/default/admin/products/confirm-delete.html.tmpl

@@ -263,6 +263,7 @@
     <input type="submit" id="delete" value="Yes, delete">
     <input type="hidden" name="action" value="delete">
     <input type="hidden" name="product" value="[% product.name FILTER html %]">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
     <input type="hidden" name="classification"
            value="[% classification.name FILTER html %]">
   </form>

template/en/default/admin/products/create.html.tmpl

@@ -57,6 +57,7 @@
   <input type="hidden" name="subcategory" value="-All-">
   <input type="hidden" name="open_name"   value="All Open">
   <input type="hidden" name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="hidden" name="classification"
         value="[% classification.name FILTER html %]">
 </form>

template/en/default/admin/products/edit.html.tmpl

@@ -132,6 +132,7 @@ versions:</a>
   <input type="hidden" name="product_old_name" 
         value="[% product.name FILTER html %]">
   <input type="hidden" name="action" value="update">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="hidden" name="classification"
          value="[% classification.name FILTER html %]">
   <input type="submit" name="submit" value="Update">

template/en/default/admin/products/groupcontrol/edit.html.tmpl

@@ -31,6 +31,7 @@
 <form method="post" action="editproducts.cgi">
   <input type="hidden" name="action" value="updategroupcontrols">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="hidden" name="classification" 
          value="[% classification.name FILTER html %]">
 

template/en/default/admin/settings/edit.html.tmpl

@@ -85,6 +85,7 @@ page, and the Default Value will automatically apply to everyone.
       </table>
 
     <input type="hidden" name="action" value="update">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
     <table>
       <tr>
         <td width="150"></td>

template/en/default/admin/users/confirm-delete.html.tmpl

@@ -448,6 +448,7 @@
       <input type="submit" id="delete" value="Yes, delete"/>
       <input type="hidden" name="action" value="delete" />
       <input type="hidden" name="userid" value="[% otheruser.id %]" />
+      <input type="hidden" name="token" value="[% token FILTER html %]">
       [% INCLUDE listselectionhiddenfields %]
     </p>
   </form>

template/en/default/admin/users/create.html.tmpl

@@ -41,6 +41,7 @@
 <p>
   <input type="submit" id="add" value="Add"/>
   <input type="hidden" name="action" value="new" />
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   [% INCLUDE listselectionhiddenfields %]
 </p>
 </form>

template/en/default/admin/users/edit.html.tmpl

@@ -106,6 +106,7 @@
   <input type="submit" id="update" value="Update" />
   <input type="hidden" name="userid" value="[% otheruser.id %]" />
   <input type="hidden" name="action" value="update" />
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   [% INCLUDE listselectionhiddenfields %]
 
   or <a href="editusers.cgi?action=activity&amp;userid=[% otheruser.id %]"

template/en/default/admin/versions/confirm-delete.html.tmpl

@@ -92,6 +92,7 @@
     <input type="hidden" name="action" value="delete">
     <input type="hidden" name="product" value="[% product.name FILTER html %]">
     <input type="hidden" name="version" value="[% version.name FILTER html %]">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
   </form>
 
 [% END %]

template/en/default/admin/versions/create.html.tmpl

@@ -43,7 +43,7 @@
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
   <input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>

template/en/default/admin/versions/edit.html.tmpl

@@ -48,8 +48,8 @@
   <input type="hidden" name="versionold" value="[% version.name FILTER html %]">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="update" value="Update">
-
 </form>
 
 <p>

template/en/default/filterexceptions.pl

@@ -512,7 +512,6 @@
 
 'admin/flag-type/list.html.tmpl' => [
   'type.id', 
-  'type.flag_count', 
 ],
 
 

template/en/default/whine/schedule.html.tmpl

@@ -82,6 +82,7 @@
 <input type="submit" value="Update / Commit" name="commit"
        style="display: none;" id="commit">
 <input type="hidden" name="update" value="1">
+<input type="hidden" name="token" value="[% token FILTER html %]">
 
 [% FOREACH event = events %]
 

token.cgi

@@ -378,7 +378,7 @@ sub confirm_create_account {
         cryptpassword => $cgi->param('passwd1')});
 
     # Now delete this token.
-    Bugzilla::Token::DeleteToken($::token);
+    delete_token($::token);
 
     # Let the user know that his user account has been successfully created.
     $vars->{'message'} = 'account_created';