Closed Bug 768870 Opened 12 years ago Closed 12 years ago

No token assigned to "Un-forget the search"

Categories

(Bugzilla :: Query/Bug List, defect)

4.0.6
defect
Not set
minor

Tracking

RESOLVED FIXED
Bugzilla 4.0

People

(Reporter: laurens.bal, Assigned: LpSolit)

Details

(Keywords: regression)

Attachments

(1 file)

Step 1: Log in with your account on bugzilla.mozilla.org
Step 2: Use query.cgi to perform a search
Step 3: Save your requested search as "mysearch"
Step 4: Click on the link "Forget Search Mysearch"
Step 5: Click now on the link "Un-forget the search"

You will now be redirected to a page that asks for the token, because there is no token added to this request.

Greets,

Laurens
Assignee: nobody → query-and-buglist
Component: General → Query/Bug List
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Production → 4.0.6
Status: UNCONFIRMED → NEW
Ever confirmed: true
Regression due to bug 621090. As we regressed this in 4.0, we should fix it there too, despite not being a security issue. Patch coming.
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Depends on: CVE-2011-0046
Keywords: regression
OS: Windows 7 → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.0
Attached patch: patch, v1
Attachment #637112 - Flags: review?(glob)
Comment on attachment 637112
patch, v1

r=glob
Attachment #637112 - Flags: review?(glob) → review+
Flags: approval4.2+
Flags: approval4.0+
Flags: approval+
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified buglist.cgi
Committed revision 8278.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified buglist.cgi
Committed revision 8099.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified buglist.cgi
Committed revision 7711.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
This has been deployed on bmo.
Comment on attachment 637112
patch, v1

>Index: buglist.cgi
>===================================================================
>RCS file: /cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v
>retrieving revision 1.444
>diff -p -u -r1.444 buglist.cgi
>--- buglist.cgi	7 Jun 2012 21:45:44 -0000	1.444
>+++ buglist.cgi	27 Jun 2012 14:29:44 -0000
>@@ -422,7 +422,9 @@ if ($cmdtype eq "dorem") {  
>         # Generate and return the UI (HTML page) from the appropriate template.
>         $vars->{'message'} = "buglist_query_gone";
>         $vars->{'namedcmd'} = $qname;
>-        $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer) . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname);
>+        $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer)
>+                         . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname)
>+                         . "&token=" . url_quote(issue_hash_token(['savedsearch']));
>         $template->process("global/message.html.tmpl", $vars)
>           || ThrowTemplateError($template->error());
>         exit;
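
Review bot: In the added "&token=" line, the hash token is issued over the constant ['savedsearch'] only, so it is not tied to $qname or $buffer, and the same value would be accepted for any saved-search request that validates against that data. If per-search scoping is wanted, include the query name in the hashed data on both the issuing and the checking side. The token is also carried in the query string of a GET link, where it can end up in browser history and Referer headers. The code that handles cmdtype=doit&remtype=asnamed is not part of this hunk, so please confirm it checks the token against the same ['savedsearch'] data, and add a short comment above the URL saying why the token is needed here.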