
Fixed bug#10099: Missing challenge token checks on customer interface.

1 parent 5a3b34f commit 92f417277f43832f1a0462f2485fe1fd3fd52312 @mgruner mgruner committed Dec 20, 2013
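--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,5 @@
 #3.3.4 201?-??-??
+ - 2013-12-20 Fixed bug#[10099](http://bugs.otrs.org/show_bug.cgi?id=10099) - Missing challenge token checks on customer interface.
 - 2013-12-18 Fixed bug#[10110](http://bugs.otrs.org/show_bug.cgi?id=10110) - Stats list may show too few or too many stats.
 - 2013-12-17 Fixed bug#[10103](http://bugs.otrs.org/show_bug.cgi?id=10103) - ArticleTypeID is always undef in AgentTicketCompose
 - 2013-12-16 Fixed bug#[10080](http://bugs.otrs.org/show_bug.cgi?id=10080) - Bad group check in otrs-scheduler-linux.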
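--- a/Kernel/Modules/CustomerPreferences.pm
+++ b/Kernel/Modules/CustomerPreferences.pm
@@ -44,7 +44,7 @@ sub Run {
 if ( $Self->{Subaction} eq 'Update' ) {
 # challenge token check for write action
- $Self->{LayoutObject}->ChallengeTokenCheck();
+ $Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');
 # check group param
 my $Group = $Self->{ParamObject}->GetParam( Param => 'Group' ) || '';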
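Review bot: `Type => 'Customer'` is a bare string literal repeated at four call sites in this commit, and the Layout.pm hunk treats anything other than a case-insensitive `customer` as the agent case, so a misspelling here would quietly render the agent `FatalError` page instead of failing visibly. As far as the Layout.pm hunk shows, `Type` only selects the error page and does not influence the token validation itself. The call is also written without the inner padding used by `GetParam( Param => 'Group' )` two lines below; `$Self->{LayoutObject}->ChallengeTokenCheck( Type => 'Customer' );` would match, and the same applies in CustomerTicketMessage.pm, CustomerTicketProcess.pm and CustomerTicketZoom.pm. Run's body starts and ends outside this hunk.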
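--- a/Kernel/Modules/CustomerTicketMessage.pm
+++ b/Kernel/Modules/CustomerTicketMessage.pm
@@ -222,6 +222,10 @@ sub Run {
 return $Output;
 }
 elsif ( $Self->{Subaction} eq 'StoreNew' ) {
+
+ # challenge token check for write action
+ $Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');
+
 my $NextScreen = $Self->{Config}->{NextScreenAfterNewTicket};
 my %Error;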
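Review bot: The token check is opt-in per `Subaction` branch, which is how `StoreNew` went unprotected until this commit, and nothing visible in this hunk stops the next write branch from being added without it. Any other state-changing `Subaction` handled in Run outside this hunk needs the same call, and the `Store` branch in CustomerTicketZoom.pm has the same shape. A regression test that submits `StoreNew` and `Store` without a valid token and expects the customer error page would keep the check from being dropped in a later refactor. Run's body starts and ends outside this hunk.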
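--- a/Kernel/Modules/CustomerTicketProcess.pm
+++ b/Kernel/Modules/CustomerTicketProcess.pm
@@ -338,7 +338,7 @@ sub Run {
 }
 if ( $Self->{Subaction} eq 'StoreActivityDialog' && $ProcessEntityID ) {
- $Self->{LayoutObject}->ChallengeTokenCheck();
+ $Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');
 return $Self->_StoreActivityDialog(
 %Param,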
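--- a/Kernel/Modules/CustomerTicketZoom.pm
+++ b/Kernel/Modules/CustomerTicketZoom.pm
@@ -320,6 +320,10 @@ sub Run {
 # check follow up
 elsif ( $Self->{Subaction} eq 'Store' ) {
+
+ # challenge token check for write action
+ $Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');
+
 my $NextScreen = $Self->{NextScreen} || $Self->{Config}->{NextScreenAfterFollowUp};
 my %Error;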
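--- a/Kernel/Output/HTML/Layout.pm
+++ b/Kernel/Output/HTML/Layout.pm
@@ -1147,11 +1147,17 @@ sub ChallengeTokenCheck {
 }
 # no valid token found
- $Self->FatalError(
- Message => 'Invalid Challenge Token!',
- );
+ if ($Param{Type} && lc $Param{Type} eq 'customer') {
+ $Self->CustomerFatalError(
+ Message => 'Invalid Challenge Token!',
+ );
+ }
+ else {
+ $Self->FatalError(
+ Message => 'Invalid Challenge Token!',
+ );
+ }
- # ChallengeToken ok
 return;
 }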
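Review bot: Both failure branches fall through to the bare `return;`, and every caller in this commit ignores the return value, so the check stops a forged request only if `CustomerFatalError` and `FatalError` never return. Their bodies are not in this hunk, so that is worth confirming for the customer helper now that it sits on this path. I would state the contract where it matters, e.g. `# FatalError()/CustomerFatalError() end the request; callers do not check our return value` above the `if`, and describe the new `Type` parameter in the sub's documentation. `lc $Param{Type} eq 'customer'` parses as intended because `lc` binds tighter than `eq`, but `lc( $Param{Type} ) eq 'customer'` reads without needing to know that. ChallengeTokenCheck starts outside the hunk.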
