"Suspicious Action" when I try to mass-change bugs




10 years ago
10 years ago


(Reporter: clouserw, Unassigned)





10 years ago
Just started getting this after the last upgrade.  To reproduce:

1) Do a quicksearch for 2 or more bugs
2) Click "Change several bugs at once"
3) select all the checkboxes, add someone to the CC list, click commit
4) Get this Message:
It looks like you didn't come from the right page (you have no valid token for the buglist_mass_change action while processing the 'process_bug.cgi' script). The reason could be one of:

* You clicked the "Back" button of your web browser after having successfully submitted changes, which is generally not a good idea (but harmless).
* You entered the URL in the address bar of your web browser directly, which should be safe.
* You clicked on a URL which redirected you here without your consent, in which case this action is much more critical.

Are you sure you want to commit these changes anyway? This may result in unexpected and undesired results.

Comment 1

10 years ago
Seems to be bmo specific. I cannot reproduce upstream, neither on Bugzilla 3.3.3, nor 3.2.2.
Assignee: create-and-change → nobody
Component: Creating/Changing Bugs → Bugzilla: Other b.m.o Issues
Product: Bugzilla → mozilla.org
QA Contact: default-qa → other-bmo-issues
Version: 3.2.2 → other

Comment 2

10 years ago
I also tried on landfill, and I still cannot reproduce. But I can indeed reproduce the problem on bmo.
Could this be related to the CSRF tokens ocassionally getting written to the slave instead of the master?  bmo has multiple slaves, so it would be more obvious.

Comment 4

10 years ago
Yes, I'm pretty sure it's the same issue, now that we have identified the problem.
Assignee: nobody → create-and-change
Last Resolved: 10 years ago
Component: Bugzilla: Other b.m.o Issues → Creating/Changing Bugs
Product: mozilla.org → Bugzilla
QA Contact: other-bmo-issues → default-qa
Resolution: --- → DUPLICATE
Version: other → 3.2.2
Duplicate of bug: 476943
The fix from bug 476943 has been deployed on bmo now, so this problem should be gone on bmo now.
You need to log in before you can comment on or make changes to this bug.