author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
commit | aefdf269ff52f02c16a350329f485c041479507e (patch) | |
tree | 7e85a557856831bc141467b831da5c4b5cbb3966 /token.cgi | |
parent | Bug 682317 - Bug.create is incorrectly documented as ignoring invalid fields;... (diff) | |
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
r=reed a=LpSolit
Diffstat (limited to 'token.cgi')
-rwxr-xr-x | token.cgi | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -114,6 +114,11 @@ sub requestChangePassword {
 Bugzilla->user->authorizer->can_change_password || ThrowUserError("password_change_requests_not_allowed");
+ # Check the hash token to make sure this user actually submitted
+ # the forgotten password form.
+ my $token = $cgi->param('token');
+ check_hash_token($token, ['reqpw']);
+
 my $login_name = $cgi->param('loginname') or ThrowUserError("login_needed_for_password_change"); |
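Review bot: The new guard only works if `check_hash_token` never returns on a missing or mismatched token, and nothing in the hunk says so; a reader of `requestChangePassword` has to know the call aborts the request rather than returning a status to be checked. Suggest extending the added comment to `# check_hash_token() throws a user error and stops the request if the token is missing or was not issued for 'reqpw', so nothing below runs for a forged request.` (expiry handling, if any, should be confirmed against Bugzilla::Token before documenting it). Because the diffstat is limited to token.cgi, the form side that must issue the token with the matching `reqpw` data is not visible here; confirm the template change lands in the same release, otherwise every legitimate reset request fails this check. The body of `requestChangePassword` continues outside the hunk.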