Bug 966676: The 'sudo' cookie should not be accessible from JavaScript

r=dkl a=justdave


git-svn-id: svn://10.0.0.236/trunk@265245 18797224-902f-48f8-a5cc-f745e15eee43
bzrmirror%bugzilla.org 2014-02-14 23:32:26 +00:00
parent 3bccdd14ea
commit 8124a0f52d
2 changed files with 11 additions and 4 deletions


@ -1 +1 @@
8920 8921


@ -137,10 +137,17 @@ elsif ($action eq 'begin-sudo') {
# For future sessions, store the unique ID of the target user # For future sessions, store the unique ID of the target user
my $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id); my $token = Bugzilla::Token::_create_token($user->id, 'sudo', $target_user->id);
my %args;
if (Bugzilla->params->{ssl_redirect}) {
$args{'-secure'} = 1;
}
$cgi->send_cookie('-name' => 'sudo', $cgi->send_cookie('-name' => 'sudo',
'-expires' => $time_string, '-expires' => $time_string,
'-value' => $token '-value' => $token,
); '-httponly' => 1,
%args);
# For the present, change the values of Bugzilla::user & Bugzilla::sudoer # For the present, change the values of Bugzilla::user & Bugzilla::sudoer
Bugzilla->sudo_request($target_user, $user); Bugzilla->sudo_request($target_user, $user);