aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
committerlpsolit%gmail.com <>2006-10-15 05:02:09 +0000
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /relogin.cgi
parentBug 346564: [SECURITY] timetracking deadline leaks in XML - Patch by Olav Vit... (diff)
downloadbugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz
bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.bz2
bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.zip
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'relogin.cgi')
-rwxr-xr-xrelogin.cgi4
1 files changed, 2 insertions, 2 deletions
diff --git a/relogin.cgi b/relogin.cgi
index e47dbe003..5aa187490 100755
--- a/relogin.cgi
+++ b/relogin.cgi
@@ -60,7 +60,7 @@ if ($action eq 'prepare-sudo') {
}
# Keep a temporary record of the user visiting this page
- $vars->{'token'} = Bugzilla::Token::IssueSessionToken('sudo_prepared');
+ $vars->{'token'} = issue_session_token('sudo_prepared');
# Show the sudo page
$vars->{'target_login_default'} = $cgi->param('target_login');
@@ -121,7 +121,7 @@ elsif ($action eq 'begin-sudo') {
{ target_login => scalar $cgi->param('target_login'),
reason => scalar $cgi->param('reason')});
}
- Bugzilla::Token::DeleteToken($cgi->param('token'));
+ delete_token($cgi->param('token'));
# Get & verify the target user (the user who we will be impersonating)
my $target_user =