Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"

[r=LpSolit a=LpSolit]
author: Reed Loden <reed@reedloden.com> 2012-05-29 07:50:08 -0700
committer: Reed Loden <reed@reedloden.com> 2012-05-29 07:50:08 -0700
commit: 19b514899d02fde1c53916fe0c0a364548c6ab8d (patch)
tree: 90e1c43a55d5ba19e7308b8f9a28cb44025a8009 /query.cgi
parent: Bug 327657: "Edit attachment" page should show me when the file was attached (diff)
download: bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.gz
bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.bz2
bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/query.cgi b/query.cgi
index 47be93125..df3d9cadf 100755
--- a/query.cgi
+++ b/query.cgi
@@ -20,6 +20,7 @@ use Bugzilla::Product;
 use Bugzilla::Keyword;
 use Bugzilla::Field;
 use Bugzilla::Install::Util qw(vers_cmp);
+use Bugzilla::Token;
 
 ###############
 # Subroutines #
@@ -72,6 +73,8 @@ my $userid = $user->id;
 
 if ($cgi->param('nukedefaultquery')) {
     if ($userid) {
+        my $token = $cgi->param('token');
+        check_hash_token($token, ['nukedefaultquery']);
         $dbh->do("DELETE FROM namedqueries" .
                  " WHERE userid = ? AND name = ?", 
                  undef, ($userid, DEFAULT_QUERY_NAME));
author	Reed Loden <reed@reedloden.com>	2012-05-29 07:50:08 -0700
committer	Reed Loden <reed@reedloden.com>	2012-05-29 07:50:08 -0700
commit	19b514899d02fde1c53916fe0c0a364548c6ab8d (patch)
tree	90e1c43a55d5ba19e7308b8f9a28cb44025a8009 /query.cgi
parent	Bug 327657: "Edit attachment" page should show me when the file was attached (diff)
download	bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.gz bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.bz2 bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.zip