Bug 621109 - Column changing lacks CSRF protection
Status: RESOLVED FIXED
Whiteboard: [infrasec:csrf][ws:low]
Product: Bugzilla
Classification: Server Software
Component: Query/Bug List
Version: 3.6.3
Hardware: All, OS: All
Importance: -- minor
Target Milestone: Bugzilla 4.0
Assigned To: Frédéric Buclin
QA Contact: default-qa
Mentors:
Depends on:
Blocks: 620540
Reported: 2010-12-22 23:48 PST by Reed Loden [:reed]
Modified: 2011-01-22 09:19 PST
Flags: mkanat: approval+, approval4.0+, blocking4.0+
See Also:
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
patch, v1 (2.54 KB, patch) - 2010-12-27 13:00 PST, Frédéric Buclin - dkl: review+

Description Reed Loden [:reed] 2010-12-22 23:48:33 PST
colchange.cgi doesn't have any CSRF protection.
Comment 1 Gervase Markham [:gerv] 2010-12-23 02:22:08 PST
I'm not sure it really needs it, does it? As attacks go, changing the columns on my buglists is hardly serious.

Gerv
Comment 2 Reed Loden [:reed] 2010-12-23 02:25:53 PST
I agree it's not serious at all, but adding the tokenization wouldn't hurt anything, so why not.
Comment 3 Frédéric Buclin 2010-12-23 09:16:57 PST
I'm not even sure I would qualify this as a security bug. My vote to retarget this bug to 3.6.
Comment 4 Frédéric Buclin 2010-12-27 13:00:10 PST
Created attachment 499883 [details] [diff] [review]
patch, v1

IMO not a security bug, but the fix is trivial.
Comment 5 David Lawrence [:dkl] 2011-01-10 17:04:11 PST
Comment on attachment 499883 [details] [diff] [review]
patch, v1

Looks good and works as expected. r=dkl
Comment 6 Max Kanat-Alexander 2011-01-21 15:35:18 PST
Agreed, not a security issue that needs to be kept confidential.
Comment 7 Frédéric Buclin 2011-01-22 09:19:04 PST
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7662.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified colchange.cgi
modified template/en/default/list/change-columns.html.tmpl
Committed revision 7520.

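The thread agrees the fix is "adding the tokenization": a state-changing request to colchange.cgi should only be honoured when it carries a token that the attacker's cross-site page cannot obtain. The block below is an added Python sketch of that pattern, not the Perl patch attached to this bug and not Bugzilla's Bugzilla::Token code; the function names echo Bugzilla's issue_hash_token/check_hash_token helpers, but the bodies, the Session class, the SITE_SECRET value and the "columnlist" parameter are assumptions made for the illustration. It shows the unprotected handler accepting a forged submission, the hardened handler rejecting it, and the token being bound to both the user and the action so a token for another user or another form is also refused.

```python
"""Added example for bug 621109: a column-change handler before and after
adding an action-bound anti-CSRF token. Hypothetical Python, not Bugzilla's
Perl; every name here is an assumption for the sketch."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed server-side secret for the example. In a real deployment it is
# persisted per site; it must never be derivable by a client.
SITE_SECRET = secrets.token_bytes(32)


@dataclass
class Session:
    """Stand-in for the logged-in user's server-side state (assumed shape)."""
    user_id: int
    columns: list = field(default_factory=lambda: ["id", "summary"])


def issue_hash_token(session: Session, action: str) -> str:
    """Token bound to the user and the named action, keyed by the site secret.
    A cross-site page cannot read it, and a token leaked from one form cannot
    authorise a different action or a different user."""
    msg = f"{session.user_id}:{action}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def check_hash_token(session: Session, action: str, token) -> bool:
    """Constant-time check; a missing token is simply a failure."""
    if token is None:
        return False
    expected = issue_hash_token(session, action)
    return hmac.compare_digest(expected, token)


def render_change_columns_form(session: Session, hardened: bool) -> dict:
    """Hidden fields the column-change form would carry (assumed names).
    The hardened form includes the token as an extra hidden input."""
    fields = {"rememberedquery": "order=bug_id"}  # constructed sample query
    if hardened:
        fields["token"] = issue_hash_token(session, "change_columns")
    return fields


def colchange_vulnerable(session: Session, params: dict) -> str:
    """Before the fix: any POST naming columns is applied. The browser attaches
    the victim's cookies, so a form auto-submitted from another origin works."""
    session.columns = params["columnlist"].split()
    return "changed"


def colchange_hardened(session: Session, params: dict) -> str:
    """After the fix: refuse the change unless the action-bound token matches."""
    if not check_hash_token(session, "change_columns", params.get("token")):
        return "rejected: missing or invalid token"
    session.columns = params["columnlist"].split()
    return "changed"


def forged_request() -> dict:
    """What an attacker's page can submit: it knows the field names but not
    the victim's token, so it can only send the query and the column list."""
    return {"rememberedquery": "order=bug_id", "columnlist": "id attacker_chosen"}


def legitimate_request(session: Session) -> dict:
    """A submission from the real form, which carries the token it rendered."""
    return {**render_change_columns_form(session, hardened=True),
            "columnlist": "id summary status"}


def demo() -> dict:
    """Run the forged and legitimate submissions against both handlers."""
    results = {}
    victim = Session(user_id=42)
    results["vuln_forged"] = colchange_vulnerable(victim, forged_request())
    results["vuln_columns"] = list(victim.columns)

    victim = Session(user_id=42)
    results["hard_forged"] = colchange_hardened(victim, forged_request())
    results["hard_forged_columns"] = list(victim.columns)
    results["hard_legit"] = colchange_hardened(victim, legitimate_request(victim))
    results["hard_legit_columns"] = list(victim.columns)

    # A token issued to another user, or for another action, must not work.
    other = Session(user_id=7)
    results["hard_other_user"] = colchange_hardened(victim, legitimate_request(other))
    wrong_action = {"token": issue_hash_token(victim, "delete_query"),
                    "columnlist": "id"}
    results["hard_wrong_action"] = colchange_hardened(victim, wrong_action)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The sketch deliberately leaves out token expiry; a production token should also carry a timestamp and be rejected once stale. The property the thread cares about is the one demonstrated: because the token is keyed by a server secret and tied to the victim's identity and the specific action, the cross-site page can make the browser send the victim's cookies but cannot supply a token that the handler will accept.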