Closed Bug 927900 Opened 11 years ago Closed 11 years ago

Kill longdesclength

Categories

(Bugzilla :: Creating/Changing Bugs, enhancement)

Product:
Bugzilla
Component:
Creating/Changing Bugs
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 5.0

People

(Reporter: LpSolit, Assigned: LpSolit)

Details

Attachments

(1 file)

patch, v1
6.38 KB, patch
dkl
: review+
Details | Diff | Splinter Review 
The longdesclength parameter is used for midair collisions only, to know how many comments to display in the midair collision page, and to decide if this page should be displayed or not. One way to abuse the validator is to pass a large enough number so that

  my $do_midair = scalar @$comments > $start_at ? 1 : 0;

always returns 0. As we know delta_ts, we should use it instead to determine if there are new comments. If the attacker also tries to hack delta_ts (if set to a date in the future, the midair collision check will be happy and let it go through), then the token check will catch the timestamp mismatch and so there is no way for the attacker to go past this step.
Attached patch patch, v1Splinter Review 
Assignee: create-and-change → LpSolit
Status: NEW → ASSIGNED

        Attachment #829773 -
        Flags: review?(dkl)

    
    

    
  
FYI, sort_order in bug/comments.html.tmpl is no longer used since Bugzilla 4.2, see bug 827983.

    
    

    
  
Comment on attachment 829773 [details] [diff] [review]
patch, v1

Review of attachment 829773 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl

        Attachment #829773 -
        Flags: review?(dkl) → review+
Flags: approval?

    
  
Flags: approval? → approval+

    
    

    
  
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified email_in.pl
modified process_bug.cgi
modified template/en/default/bug/comments.html.tmpl
modified template/en/default/bug/edit.html.tmpl
modified template/en/default/bug/process/midair.html.tmpl
Committed revision 8812.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 5.0

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: