(root)/bugzilla/4.2 : 6452 : userprefs.cgi

To get this branch, use:
bzr branch /bugzilla/4.2

Viewing changes to userprefs.cgi

lpsolit%gmail.com
2009-02-02 11:21:09
Revision ID: cvs-1:lpsolitgmail.com-20090202192109-yitxsla3mu86sphj
Bug 472362: [SECURITY] Malicious attachments can change your user settings (user + email prefs, shared searches) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit

517
517
 
518
518
$vars->{'current_tab_name'} = $current_tab_name;
519
519
 
 
520
my $token = $cgi->param('token');
 
521
check_token_data($token, 'edit_user_prefs') if $cgi->param('dosave');
 
522
 
520
523
# Do any saving, and then display the current tab.
521
524
SWITCH: for ($current_tab_name) {
522
525
    /^account$/ && do {
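
Review bot: the `check_token_data($token, 'edit_user_prefs')` call is gated only on `dosave`, so the protection holds only if every save branch in the `SWITCH` that follows is gated on that same parameter. A short comment above the check stating that invariant would keep a later tab handler from writing preferences without passing through it. The check is also independent of `$current_tab_name`, while the code added further down issues no token when the tab is `permissions`, so a page rendered for that tab hands out no token for a later `dosave` request to present; if that asymmetry is intended, say so in the same comment.
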
547
550
                   { current_tab_name => $current_tab_name });
548
551
}
549
552
 
 
553
delete_token($token) if $cgi->param('dosave');
 
554
if ($current_tab_name ne 'permissions') {
 
555
    $vars->{'token'} = issue_session_token('edit_user_prefs');
 
556
}
 
557
 
550
558
# Generate and return the UI (HTML page) from the appropriate template.
551
559
print $cgi->header();
552
560
$template->process("account/prefs/prefs.html.tmpl", $vars)
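
Review bot: the `if ($current_tab_name ne 'permissions')` exception around `issue_session_token('edit_user_prefs')` carries no comment explaining why that one tab gets no token; add a line giving the reason so the special case is not copied or removed by mistake. Separately, a fresh token is issued on every render of the other tabs, while `delete_token($token)` runs only when `dosave` is set, so tokens for pages that are viewed but never submitted are not cleaned up anywhere in these lines; please confirm they are expired elsewhere.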
