This repository has been archived by the owner on Jan 27, 2021. It is now read-only.
Fixed bug#10099: Missing challenge token checks on customer interface.
Conflicts:
	CHANGES.md
	Kernel/Modules/CustomerTicketProcess.pm
	Kernel/Modules/CustomerTicketZoom.pm
mgruner committed Dec 20, 2013
1 parent 86e884a commit ca2c339
Showing 5 changed files with 20 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGES
Expand Up @@ -10,6 +10,7 @@
# --

3.1.19 2013-??-??
- 2013-12-20 Fixed bug#10099 - Missing challenge token checks on customer interface.
- 2013-09-20 Fixed bug#8489 - setting Tickets per page resets AgentTicketQueue.
- 2013-09-06 Fixed bug#9661 - Useless code in DynamicField backend.
- 2013-07-24 Fixed bug#9622 - Actions in Small ticket overview don't work when cookies are turned off.
2 changes: 1 addition & 1 deletion Kernel/Modules/CustomerPreferences.pm
Expand Up @@ -49,7 +49,7 @@ sub Run {
if ( $Self->{Subaction} eq 'Update' ) {

# challenge token check for write action
$Self->{LayoutObject}->ChallengeTokenCheck();
$Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');

# check group param
my $Group = $Self->{ParamObject}->GetParam( Param => 'Group' ) || '';
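Review bot: the replaced call, ChallengeTokenCheck(Type => 'Customer'), drops the padding inside the parentheses that the GetParam( Param => 'Group' ) call a few lines below uses; write it as ChallengeTokenCheck( Type => 'Customer' ) here and in the two calls added to CustomerTicketMessage.pm and CustomerTicketZoom.pm. Since this module already ran the check without Type, the only behaviour change on this path is which error page a rejected token produces.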
4 changes: 4 additions & 0 deletions Kernel/Modules/CustomerTicketMessage.pm
Expand Up @@ -176,6 +176,10 @@ sub Run {
return $Output;
}
elsif ( $Self->{Subaction} eq 'StoreNew' ) {

# challenge token check for write action
$Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');

my $NextScreen = $Self->{Config}->{NextScreenAfterNewTicket};
my %Error;
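Review bot: the call at the top of the 'StoreNew' branch is a bare statement whose result is discarded, so this branch relies entirely on ChallengeTokenCheck not returning when the token is bad. The Layout.pm hunk in this commit shows the sub reaching a plain "return;" after the error call, so if CustomerFatalError ever returns to its caller, the code below goes on to process the new ticket. Either confirm that CustomerFatalError ends the request, or make the sub's return value distinguish success from failure and test it here.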

4 changes: 4 additions & 0 deletions Kernel/Modules/CustomerTicketZoom.pm
Expand Up @@ -139,6 +139,10 @@ sub Run {

# check follow up
if ( $Self->{Subaction} eq 'Store' ) {

# challenge token check for write action
$Self->{LayoutObject}->ChallengeTokenCheck(Type => 'Customer');

my $NextScreen = $Self->{NextScreen} || $Self->{Config}->{NextScreenAfterFollowUp};
my %Error;
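Review bot: the check added at the top of the 'Store' branch ships without a test; the five changed files are CHANGES, three customer modules and Layout.pm, so nothing exercises a follow-up submitted with a missing or wrong ChallengeToken. A regression test that posts to this subaction without a valid token and expects the customer error page would keep the check from being dropped in a later merge. The commit message also lists Kernel/Modules/CustomerTicketProcess.pm under Conflicts, yet no hunk touches that file; worth confirming whether it exists on this branch and needs the same call.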

14 changes: 10 additions & 4 deletions Kernel/Output/HTML/Layout.pm
Expand Up @@ -1113,11 +1113,17 @@ sub ChallengeTokenCheck {
}

# no valid token found
$Self->FatalError(
Message => 'Invalid Challenge Token!',
);
if ($Param{Type} && lc $Param{Type} eq 'customer') {
$Self->CustomerFatalError(
Message => 'Invalid Challenge Token!',
);
}
else {
$Self->FatalError(
Message => 'Invalid Challenge Token!',
);
}

# ChallengeToken ok
return;
}
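Review bot: the new Type parameter is matched loosely and left undocumented: in the test "if ($Param{Type} && lc $Param{Type} eq 'customer')", any other value, including a misspelling, silently falls into the else branch and renders the agent FatalError, and this hunk, the only one in Layout.pm, adds no description of the parameter. Document the accepted values next to the sub and consider rejecting an unrecognised Type instead of defaulting. The untouched comment "# ChallengeToken ok" above the final "return;" also sits directly after both error calls, on the path where no valid token was found; reword it so the failure path is not labelled as success.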
