Closed
Bug 912661
Opened 11 years ago
Closed 11 years ago
backport upstream bug 911593 to bmo/4.2 for csrf security fix in process_bug.cgi
Categories
(bugzilla.mozilla.org :: General, defect)
RESOLVED
FIXED
People
(Reporter: dkl, Assigned: dkl)
Attachments
(1 file, 1 obsolete file)
patch (deleted) | glob: review+
This is a regression due to bug 69447 which generates a new valid token without first making sure that the midair collision page will be displayed. This bug only affects 4.4 and newer. 4.3.3 and older are not affected. In BMO's case, it is affected as the 4.4 patch was backported to bmo/4.2.
patch coming
dkl (Assignee)
Comment 1 • 11 years ago
Attachment #799765 - Flags: review?(glob)
Comment on attachment 799765
912661_1.patch
Review of attachment 799765:
-----------------------------------------------------------------
::: process_bug.cgi
@@ +158,3 @@
> my $first_delta_tz_z = datetime_from($first_bug->delta_ts);
> if ($first_delta_tz_z ne $delta_ts_z) {
> + ($vars->{'operations'}) = $first_bug->get_activity(undef, $delta_ts);
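Review bot: On the added line, the parenthesised list assignment keeps only the first value `get_activity` returns and silently drops any others; add a comment naming the value expected here, or assign the full return list and use what is needed. The call also passes the raw `$delta_ts` while the enclosing `if` compares `$delta_ts_z`, so confirm the raw value is the one intended. Minor: `$first_delta_tz_z` in the context lines reads like a typo for `ts`, since it holds a `delta_ts` value.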
we don't have $bug->get_activity()
Attachment #799765 - Flags: review?(glob) → review-
Assignee
Comment 3 • 11 years ago
:(
Attachment #799765 - Attachment is obsolete: true
Attachment #800823 - Flags: review?(glob)
Comment on attachment 800823
912661_2.patch
r=glob
Attachment #800823 - Flags: review?(glob) → review+
Assignee
Comment 5 • 11 years ago
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2
modified process_bug.cgi
Committed revision 9081.
Group: webtools-security
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED