Bug 75890 - CVE-2011-3668 (https://bugzilla.mozilla.org/show_bug.cgi?id=703975)
git-svn-id: svn://svn.office.custis.ru/3rdparty/bugzilla.org/trunk@1498 6955db30-a419-402b-8a0d-67ecbb4d7f56master
parent
ad9617fd96
commit
81db720a3e
|
@ -75,8 +75,9 @@ if ($token) {
|
|||
if ($old_bug_id && (!$cgi->param('ignore_token')
|
||||
|| ($cgi->param('ignore_token') != $old_bug_id)))
|
||||
{
|
||||
$vars->{'bugid'} = $old_bug_id;
|
||||
$vars->{'allow_override'} = defined $cgi->param('ignore_token') ? 0 : 1;
|
||||
$vars->{bugid} = $old_bug_id;
|
||||
$vars->{allow_override} = defined $cgi->param('ignore_token') ? 0 : 1;
|
||||
$vars->{new_token} = issue_session_token('createbug:');
|
||||
|
||||
$template->process("bug/create/confirm-create-dupe.html.tmpl", $vars)
|
||||
|| ThrowTemplateError($template->error());
|
||||
|
|
|
@ -46,9 +46,9 @@ FILTER bug_link(bugid) FILTER none %].</font></p>
|
|||
<form name="create" id="create" method="post" action="post_bug.cgi"
|
||||
[%- IF Bugzilla.cgi.param("data") %] enctype="multipart/form-data"[% END %]>
|
||||
[% PROCESS "global/hidden-fields.html.tmpl"
|
||||
exclude="^(Bugzilla_login|Bugzilla_password|ignore_token)$" %]
|
||||
<input type="hidden" name="ignore_token" value="[% bugid FILTER html %]">
|
||||
<input type="submit" value="File [% terms.bug %] again" id="file_bug_again">
|
||||
exclude="^(Bugzilla_login|Bugzilla_password|token)$" %]
|
||||
<input type="hidden" name="token" value="[% new_token FILTER html %]" />
|
||||
<input type="submit" value="File [% terms.bug %] again" id="file_bug_again" />
|
||||
</form>
|
||||
[% END %]
|
||||
|
||||
|
|
Loading…
Reference in New Issue