author | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
committer | lpsolit%gmail.com <> | 2006-10-15 05:02:09 +0000 |
commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /editgroups.cgi | |
parent | Bug 346564: [SECURITY] timetracking deadline leaks in XML - Patch by Olav Vit... (diff) | |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'editgroups.cgi')
-rwxr-xr-x | editgroups.cgi | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/editgroups.cgi b/editgroups.cgi
index 8e6cf55ac..09e1c8b10 100755
--- a/editgroups.cgi
+++ b/editgroups.cgi
@@ -35,6 +35,7 @@ use Bugzilla::Error;
 use Bugzilla::Group;
 use Bugzilla::Product;
 use Bugzilla::User;
+use Bugzilla::Token;
 my $cgi = Bugzilla->cgi;
 my $dbh = Bugzilla->dbh;
@@ -51,6 +52,7 @@ $user->in_group('creategroups')
 object => "groups"});
 my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
 # Add missing entries in bug_group_map for bugs created while
 # a mandatory group was disabled and which is now enabled again.
@@ -220,6 +222,7 @@ if ($action eq 'changeform') {
 $vars->{'isactive'} = $isactive;
 $vars->{'isbuggroup'} = $isbuggroup;
 $vars->{'groups'} = \@groups;
+ $vars->{'token'} = issue_session_token('edit_group');
 print $cgi->header();
 $template->process("admin/groups/edit.html.tmpl", $vars)
@@ -235,6 +238,7 @@ if ($action eq 'changeform') {
 #
 if ($action eq 'add') {
+ $vars->{'token'} = issue_session_token('add_group');
 print $cgi->header();
 $template->process("admin/groups/create.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -249,6 +253,7 @@ if ($action eq 'add') {
 #
 if ($action eq 'new') {
+ check_token_data($token, 'add_group');
 # Check that a not already used group name is given, that
 # a description is also given and check if the regular
 # expression is valid (if any).
@@ -284,6 +289,7 @@ if ($action eq 'new') {
 undef, ($gid, CONTROLMAPSHOWN, CONTROLMAPNA));
 }
 Bugzilla::Group::RederiveRegexp($regexp, $gid);
+ delete_token($token);
 print $cgi->header();
 $template->process("admin/groups/created.html.tmpl", $vars)
@@ -356,6 +362,7 @@ if ($action eq 'del') {
 $vars->{'hasflags'} = $hasflags;
 $vars->{'shared_queries'} = $shared_queries;
 $vars->{'buglist'} = $buglist;
+ $vars->{'token'} = issue_session_token('delete_group');
 print $cgi->header();
 $template->process("admin/groups/delete.html.tmpl", $vars)
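Review bot: `check_token_data($token, 'add_group');` at the top of the `new` branch runs before the name/description validation that the following comment announces, but nothing says that this order is deliberate, and its counterpart `delete_token($token)` two hunks later runs only on the success path after `RederiveRegexp`; a later edit could move the check below the validation or consume the token on an error path without seeing the consequence. I would add `# CSRF check first: reject a forged or replayed form before any validation or DB write; the token is consumed only once the group exists.` above the call. The body of the `new` branch, including its error paths, lies between the hunks, so whether a failed validation is meant to leave the token valid for resubmission cannot be confirmed from here. The diffstat is limited to editgroups.cgi, so the hidden `token` field that create.html.tmpl, edit.html.tmpl and delete.html.tmpl must now emit is not visible in this view; until those templates pass it back, every `new`, `postchanges` and `delete` submission fails the check.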
@@ -369,6 +376,7 @@ if ($action eq 'del') {
 #
 if ($action eq 'delete') {
+ check_token_data($token, 'delete_group');
 # Check that an existing group ID is given
 my $gid = CheckGroupID($cgi->param('group'));
 my ($name, $isbuggroup) =
@@ -455,6 +463,8 @@ if ($action eq 'delete') {
 $dbh->do('DELETE FROM groups WHERE id = ?', undef, $gid);
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/deleted.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
@@ -467,6 +477,7 @@ if ($action eq 'delete') {
 #
 if ($action eq 'postchanges') {
+ check_token_data($token, 'edit_group');
 # ZLL: Bug 181589: we need to have something to remove explicitly listed users from
 # groups in order for the conversion to 2.18 groups to work
 my $action;
@@ -488,7 +499,8 @@ if ($action eq 'postchanges') {
 if ($action == 2) {
 $vars->{'regexp'} = $regexp;
 }
-
+ delete_token($token);
+
 print $cgi->header();
 $template->process("admin/groups/change.html.tmpl", $vars)
 || ThrowTemplateError($template->error());
|
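Review bot: `check_token_data($token, 'delete_group');` in the `delete` branch sits above `CheckGroupID($cgi->param('group'))`, so a request with a bad or missing token is refused before the group id is even validated, and `delete_token($token)` after `DELETE FROM groups` consumes it only once the row is gone; both placements are right for a destructive action, but neither is explained, and the many deletions between the two hunks (the branch body lies outside the visible lines) make the pairing easy to lose. I would add `# Reject forged requests before validating or touching anything; the token is consumed only after the group row is deleted, so a failure midway presumably leaves the confirmation page's token usable for a retry.` above the check. `issue_session_token('delete_group')` on the confirmation page and this check are keyed by the event name only, so the token appears to be session-scoped rather than bound to `$gid`; if check_token_data does not compare the group, a token issued for one group's confirmation page is accepted for deleting another in the same session — not a cross-site issue, but worth a sentence in the comment if that is intended.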