No token assigned to "Un-forget the search"

RESOLVED FIXED in Bugzilla 4.0

Status


Bugzilla
Query/Bug List
--
minor
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: laurens.bal, Assigned: Frédéric Buclin)

Tracking

({regression})

4.0.6
Bugzilla 4.0
regression
Bug Flags:
approval +
approval4.2 +
approval4.0 +

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
Step 1: Log in with your account on bugzilla.mozilla.org
Step 2: Use query.cgi to perform a search
Step 3: Save your requested search as "mysearch"
Step 4: Click on the link "Forget Search Mysearch"
Step 5: Click now on the link "Un-forget the search"

You will now be redirected to a page that asks for the token, because there is no token added to this request.

Greets,

Laurens
Assignee: nobody → query-and-buglist
Component: General → Query/Bug List
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Production → 4.0.6
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 1

5 years ago
Regression due to bug 621090. As we regressed this in 4.0, we should fix it there too, despite not being a security issue. Patch coming.
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Depends on: 621090
Keywords: regression
OS: Windows 7 → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.0
(Assignee)

Comment 2

5 years ago
Created attachment 637112
patch, v1
Attachment #637112 - Flags: review?(glob)
Comment on attachment 637112
patch, v1

r=glob
Attachment #637112 - Flags: review?(glob) → review+
(Assignee)

Updated

5 years ago
Flags: approval4.2+
Flags: approval4.0+
Flags: approval+
(Assignee)

Comment 4

5 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified buglist.cgi
Committed revision 8278.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/
modified buglist.cgi
Committed revision 8099.

Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/
modified buglist.cgi
Committed revision 7711.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
This has been deployed on bmo.

Comment 6

5 years ago
Comment on attachment 637112
patch, v1

>Index: buglist.cgi
>===================================================================
>RCS file: /cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v
>retrieving revision 1.444
>diff -p -u -r1.444 buglist.cgi
>--- buglist.cgi	7 Jun 2012 21:45:44 -0000	1.444
>+++ buglist.cgi	27 Jun 2012 14:29:44 -0000
>@@ -422,7 +422,9 @@ if ($cmdtype eq "dorem") {  
>         # Generate and return the UI (HTML page) from the appropriate template.
>         $vars->{'message'} = "buglist_query_gone";
>         $vars->{'namedcmd'} = $qname;
>-        $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer) . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname);
>+        $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer)
>+                         . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname)
>+                         . "&token=" . url_quote(issue_hash_token(['savedsearch']));
>         $template->process("global/message.html.tmpl", $vars)
>           || ThrowTemplateError($template->error());
>         exit;
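
Review bot: The token appended on the last added line, issue_hash_token(['savedsearch']), is derived only from the constant 'savedsearch' and not from $qname or $buffer, so nothing in the token ties it to the particular search being restored. If the check on the cmdtype=doit / remtype=asnamed side allows it (that code is not shown in this hunk), consider including the query name in the token data, changing both ends together. The token is also carried in a GET query string built into $vars->{'url'}, so it will show up in browser history and request logs; a one-line comment above the assignment saying why the "Un-forget" link needs a token would help the next reader, since the hunk adds none.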