author | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-11-22 22:03:28 +0100 |
commit | 92cb17e05cecb4093ee9e189347ba66b8844528a (patch) | |
tree | 7129cf8b6398e67276a17856804d4a157c4b7fa1 /process_bug.cgi | |
parent | Bug 680771 - Send X-XSS-Protection header for XSS prevention/blocking (diff) | |
Bug 703975: CSRF vulnerability in post_bug.cgi allows possible unauthorized bug creation
r=mkanat a=LpSolit
Diffstat (limited to 'process_bug.cgi')
-rwxr-xr-x | process_bug.cgi | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/process_bug.cgi b/process_bug.cgi index dc5ad9138..bf18a45d3 100755 --- a/process_bug.cgi +++ b/process_bug.cgi @@ -376,6 +376,9 @@ foreach my $bug (@bug_objects) { $bug->send_changes($changes, $vars); } +# Delete the session token used for the mass-change. +delete_token($token) unless $cgi->param('id'); + if (Bugzilla->usage_mode == USAGE_MODE_EMAIL) { # Do nothing. } |
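Review bot: The comment added above `delete_token($token) unless $cgi->param('id');` says the token belongs to the mass-change, but the guard tests for the absence of the `id` parameter, so a reader has to infer that no `id` means a mass-change and that the single-bug path keeps its token on purpose. Since the commit is a CSRF fix, the comment should state that mapping and why the single-bug token is left in place. The deletion also sits after the `send_changes` loop, so a request that dies before reaching this line leaves the token valid; either note that this is intended (to allow a retry) or move the deletion earlier. The hunk does not show where `$token` is assigned, so please confirm it is defined on every path that reaches this statement.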