authorFrédéric Buclin <LpSolit@gmail.com>2012-04-18 18:58:04 +0200
committerFrédéric Buclin <LpSolit@gmail.com>2012-04-18 18:58:04 +0200
commit811987d677a4117f09b032e3935aff9accdc133d (patch)
treed26d58e0f7bd7b41ad86b3cf7c2e8c75a1972c90 /buglist.cgi
parentBug 728639: (CVE-2012-0465) [SECURITY] User lockout policy can be bypassed by... (diff)
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-xbuglist.cgi10
1 files changed, 0 insertions, 10 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 79bf94381..885e50478 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -95,16 +95,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") {
$cgi->param('ctype', "atom");
}
-# The js ctype presents a security risk; a malicious site could use it
-# to gather information about secure bugs. So, we only allow public bugs to be
-# retrieved with this format.
-#
-# Note that if and when this call clears cookies or has other persistent
-# effects, we'll need to do this another way instead.
-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
- Bugzilla->logout_request();
-}
-
# An agent is a program that automatically downloads and extracts data
# on its user's behalf. If this request comes from an agent, we turn off
# various aspects of bug list functionality so agent requests succeed