Closed Bug 768870 Opened 12 years ago Closed 12 years ago

No token assigned to "Un-forget the search"

Categories

(Bugzilla :: Query/Bug List, defect)

Product:
Bugzilla
Component:
Query/Bug List
Version:
4.0.6
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 4.0

People

(Reporter: laurens.bal, Assigned: LpSolit)

References

Details

(Keywords: regression)

Attachments

(1 file)

patch, v1
1.01 KB, patch
glob
: review+
Details | Diff | Splinter Review
Step 1: Login with your account on bugzilla.mozilla.org Step 2: Use query.cgi to perform a search Step 3: Save your requested search as "mysearch" Step 4: Click on the link "Forget Search Mysearch" Step 5: Click now on the link "Un-forget the search" You will now be redirected to a page that asks for the token. Because there is no token added to this request. Greets, Laurens
Assignee: nobody → query-and-buglist
Component: General → Query/Bug List
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Version: Production → 4.0.6
Status: UNCONFIRMED → NEW
Ever confirmed: true
Regression due to bug 621090. As we regressed this in 4.0, we should fix it there too, despite not being a security issue. Patch coming.
Assignee: query-and-buglist → LpSolit
Status: NEW → ASSIGNED
Depends on: CVE-2011-0046
Keywords: regression
OS: Windows 7 → All
Hardware: x86_64 → All
Target Milestone: --- → Bugzilla 4.0
Attached patch patch, v1Splinter Review
Attachment #637112 - Flags: review?(glob)
Comment on attachment 637112 [details] [diff] [review] patch, v1 r=glob
Attachment #637112 - Flags: review?(glob) → review+
Flags: approval4.2+
Flags: approval4.0+
Flags: approval+
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/ modified buglist.cgi Committed revision 8278. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.2/ modified buglist.cgi Committed revision 8099. Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/4.0/ modified buglist.cgi Committed revision 7711.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
This has been deployed on bmo.
Comment on attachment 637112 [details] [diff] [review] patch, v1 >Index: buglist.cgi >=================================================================== >RCS file: /cvsroot/mozilla/webtools/bugzilla/buglist.cgi,v >retrieving revision 1.444 >diff -p -u -r1.444 buglist.cgi >--- buglist.cgi 7 Jun 2012 21:45:44 -0000 1.444 >+++ buglist.cgi 27 Jun 2012 14:29:44 -0000 >@@ -422,7 +422,9 @@ if ($cmdtype eq "dorem") { > # Generate and return the UI (HTML page) from the appropriate template. > $vars->{'message'} = "buglist_query_gone"; > $vars->{'namedcmd'} = $qname; >- $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer) . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname); >+ $vars->{'url'} = "buglist.cgi?newquery=" . url_quote($buffer) >+ . "&cmdtype=doit&remtype=asnamed&newqueryname=" . url_quote($qname) >+ . "&token=" . url_quote(issue_hash_token(['savedsearch'])); > $template->process("global/message.html.tmpl", $vars) > || ThrowTemplateError($template->error()); > exit;
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: