Bug 927900 - Kill longdesclength
Status: RESOLVED FIXED (Closed)
Opened 11 years ago; Closed 11 years ago
Categories: Bugzilla :: Creating/Changing Bugs, enhancement
Target Milestone: Bugzilla 5.0
People: Reporter: LpSolit, Assigned: LpSolit
Attachments (1 file): patch, 6.38 KB, dkl: review+
Description:
The longdesclength parameter is used for midair collisions only, to know how many comments to display in the midair collision page, and to decide if this page should be displayed or not. One way to abuse the validator is to pass a large enough number so that my $do_midair = scalar @$comments > $start_at ? 1 : 0; always returns 0. As we know delta_ts, we should use it instead to determine if there are new comments. If the attacker also tries to hack delta_ts (if set to a date in the future, the midair collision check will be happy and let it go through), then the token check will catch the timestamp mismatch and so there is no way for the attacker to go past this step.
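The two checks the description contrasts, modelled in Python as an added example (this is not Bugzilla's Perl code and not part of the bug report): the pre-fix count-versus-longdesclength comparison next to a delta_ts-based check, followed by a form token bound to the bug id and its delta_ts, which is what catches a tampered delta_ts field. The comments, their timestamps and the server secret are constructed for the example; the HMAC token stands in for Bugzilla's hash token and assumes only what the description implies, that the token is tied to the bug's delta_ts at the time the edit form was rendered.

```python
import hashlib
import hmac
from datetime import datetime

# Constructed sample data for this example: three comments on the bug, with
# creation times, plus a server-side secret for the form token.
BUG_ID = 927900
COMMENTS = [
    {"id": 1, "text": "initial report", "created": datetime(2013, 11, 1, 10, 0, 0)},
    {"id": 2, "text": "can reproduce", "created": datetime(2013, 11, 1, 11, 30, 0)},
    {"id": 3, "text": "patch attached", "created": datetime(2013, 11, 2, 9, 15, 0)},
]
BUG_DELTA_TS = COMMENTS[-1]["created"]  # the bug's current last-modified time
SERVER_SECRET = b"constructed-secret-for-the-example"


def needs_midair_old(comments, longdesclength):
    """Pre-fix check: 'are there more comments now than the client says it saw?'
    The client controls longdesclength, so an oversized value makes this False
    no matter how many comments were added in the meantime."""
    start_at = longdesclength
    return len(comments) > start_at


def needs_midair_new(comments, client_delta_ts):
    """Fixed check: any comment created after the delta_ts the client saw when
    the edit form was rendered means the bug changed underneath the submitter."""
    return any(c["created"] > client_delta_ts for c in comments)


def issue_token(bug_id, delta_ts):
    """Form token bound to the bug id and its delta_ts at render time (assumed
    model of Bugzilla's hash token; HMAC is used so the example is self-contained)."""
    msg = f"{bug_id}|{delta_ts.isoformat()}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def check_token(token, bug_id, delta_ts):
    return hmac.compare_digest(token, issue_token(bug_id, delta_ts))


def render_form(bug_id, delta_ts):
    """What the edit page hands to the browser: the delta_ts it was rendered
    against and a token bound to that same value."""
    return {"delta_ts": delta_ts.isoformat(), "token": issue_token(bug_id, delta_ts)}


def process_submission(form, comments, current_delta_ts, bug_id=BUG_ID):
    """Server-side flow after the fix: midair check on the submitted delta_ts,
    then the token check against the bug's *current* delta_ts. A delta_ts field
    pushed into the future gets past the first check but not the second."""
    client_delta_ts = datetime.fromisoformat(form["delta_ts"])
    if needs_midair_new(comments, client_delta_ts):
        return "midair"
    if not check_token(form["token"], bug_id, current_delta_ts):
        return "rejected: token/timestamp mismatch"
    return "accepted"


def demo():
    """Runs the scenarios from the bug description and returns their outcomes."""
    # Form rendered after comment 2; comment 3 arrived before the user submitted.
    stale_form = render_form(BUG_ID, COMMENTS[1]["created"])
    # Same stale form, but with the delta_ts field edited to a future date.
    tampered_form = dict(stale_form, delta_ts="2099-01-01T00:00:00")
    # Form rendered against the bug's current state.
    fresh_form = render_form(BUG_ID, BUG_DELTA_TS)
    return {
        "old_check_longdesclength_2": needs_midair_old(COMMENTS, 2),
        "old_check_longdesclength_huge": needs_midair_old(COMMENTS, 10**9),
        "stale_form": process_submission(stale_form, COMMENTS, BUG_DELTA_TS),
        "tampered_delta_ts": process_submission(tampered_form, COMMENTS, BUG_DELTA_TS),
        "fresh_form": process_submission(fresh_form, COMMENTS, BUG_DELTA_TS),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The ordering in process_submission follows the description: the midair check runs on the submitted delta_ts first, and the token check, computed over the server's current delta_ts rather than the submitted one, is what makes the stale-form and tampered-field cases indistinguishable from the server's point of view.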
Comment 1 • 11 years ago
Assignee: create-and-change → LpSolit
Status: NEW → ASSIGNED
Attachment #829773 - Flags: review?(dkl)
Comment 2 • 11 years ago
FYI, sort_order in bug/comments.html.tmpl is no longer used since Bugzilla 4.2, see bug 827983.
Comment 3 • 11 years ago
Comment on attachment 829773 (patch, v1)
Review of attachment 829773:
r=dkl
Attachment #829773 - Flags: review?(dkl) → review+
Updated • 11 years ago
Flags: approval?
Updated • 11 years ago
Flags: approval? → approval+
Comment 4 • 11 years ago
Committing to: bzr+ssh://lpsolit%40gmail.com@bzr.mozilla.org/bugzilla/trunk/
modified email_in.pl
modified process_bug.cgi
modified template/en/default/bug/comments.html.tmpl
modified template/en/default/bug/edit.html.tmpl
modified template/en/default/bug/process/midair.html.tmpl
Committed revision 8812.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → Bugzilla 5.0