Bug 514378 - 'Submit only my new comment' leads to Suspicious Action
Status: RESOLVED FIXED
Product: Bugzilla
Classification: Server Software
Component: Creating/Changing Bugs
Version: 3.4.1
Platform: All All
Importance: -- normal with 1 vote
Target Milestone: Bugzilla 3.4
Assigned To: Frédéric Buclin
QA Contact: default-qa
Mentors:
http://bugzilla.gnome.org/show_bug.cg...
Depends on:
Blocks:
Reported: 2009-09-03 01:29 PDT by Reinout van Schouwen
Modified: 2010-02-28 10:48 PST
CC List: 4 users
LpSolit: approval+
LpSolit: approval3.4+
LpSolit: blocking3.4.3+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
patch, v1 (986 bytes, patch)
2009-09-22 11:07 PDT, Frédéric Buclin
dkl: review+

Description Reinout van Schouwen 2009-09-03 01:29:40 PDT
Forwarded from Gnome bug 593912:
------------------------------------------------------------------------
I had a mid-air collision while adding a comment to bug 503968. Xan had added a
comment before me. I chose 'Submit only my new comment'. This led me to a
'Suspicious Action' error page with the following warning:
===
It looks like you didn't come from the right page. One reason could be that you
entered the URL in the address bar of your web browser directly, which should
be safe. Another reason could be that you clicked on a URL which redirected you
here without your consent.

Are you sure you want to commit these changes? 
===

The expected result would be that my comment is added without overwriting Xan's
comment.
---------------------------------------------------------------------------
Comment 1 Frédéric Buclin 2009-09-22 11:07:28 PDT
Created attachment 402120
patch, v1

We forgot to pass the token back to process_bug.cgi.
Comment 2 David Lawrence [:dkl] 2009-09-22 12:13:34 PDT
Comment on attachment 402120
patch, v1

Works for me as expected. r=dkl
Comment 3 Frédéric Buclin 2009-09-22 12:14:32 PDT
3.2 is not affected as this feature doesn't exist there.
Comment 4 Frédéric Buclin 2009-09-22 12:20:34 PDT
tip:

Checking in template/en/default/bug/process/midair.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/process/midair.html.tmpl,v  <--  midair.html.tmpl
new revision: 1.25; previous revision: 1.24
done

3.4.2:

Checking in template/en/default/bug/process/midair.html.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/bug/process/midair.html.tmpl,v  <--  midair.html.tmpl
new revision: 1.23.2.1; previous revision: 1.23
done
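
The failure described in comment 1, as an added Python model that is not Bugzilla's code or the attached patch: a collision page that replays the user's form without its token fails the receiving script's token check, while forwarding the token lets the comment through and still rejects a forged one. The secret, token format, field names and the `seen_version` collision check are assumptions made for illustration.

```python
import hashlib
import hmac

SITE_SECRET = b"constructed-example-secret"  # constructed value, not a real key


def issue_token(user, bug_id):
    """Anti-CSRF token bound to the logged-in user and the bug being edited."""
    msg = f"{user}:{bug_id}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def process_bug(user, form, current_version):
    """Model of the receiving script: verify the token, then detect collisions."""
    expected = issue_token(user, form["id"])
    if not hmac.compare_digest(form.get("token", ""), expected):
        return "suspicious_action"
    if form["seen_version"] != current_version:
        return "midair"
    return "comment_added"


def render_midair_form(form, current_version, forward_token):
    """Model of the collision page's 'Submit only my new comment' form.

    The user's fields are replayed as hidden inputs. forward_token=False models
    the reported behaviour: the token is not among the replayed fields.
    """
    replay = {"id": form["id"], "comment": form["comment"],
              "seen_version": current_version}
    if forward_token:
        replay["token"] = form["token"]
    return replay


def submit_after_collision(forward_token, token=None):
    """Run the whole flow: edit form -> collision page -> resubmission."""
    user, bug_id = "alice", 1  # constructed sample user and bug id
    form = {"id": bug_id, "comment": "my comment", "seen_version": 1,
            "token": token or issue_token(user, bug_id)}
    current_version = 2  # someone else commented in the meantime
    first = process_bug(user, form, current_version)
    if first != "midair":
        return first
    replay = render_midair_form(form, current_version, forward_token)
    return process_bug(user, replay, current_version)
```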
