diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:12:29 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:12:29 +0100 |
commit | 10b4a9266d92269fd48d12d1a6de983858ea9b74 (patch) | |
tree | ff5fa498403d5f40f6a68daa5752152ed6f137ea /template/en/default | |
parent | Bug 621107: [SECURITY] Sanity checking lacks CSRF protection (diff) | |
download | bugzilla-10b4a9266d92269fd48d12d1a6de983858ea9b74.tar.gz bugzilla-10b4a9266d92269fd48d12d1a6de983858ea9b74.tar.bz2 bugzilla-10b4a9266d92269fd48d12d1a6de983858ea9b74.zip |
Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
r=dkl a=LpSolit
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/reports/edit-series.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/search/search-create-series.html.tmpl | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/template/en/default/reports/edit-series.html.tmpl b/template/en/default/reports/edit-series.html.tmpl index 9afe7edcd..da7d15e0a 100644 --- a/template/en/default/reports/edit-series.html.tmpl +++ b/template/en/default/reports/edit-series.html.tmpl @@ -40,6 +40,8 @@ [% PROCESS reports/series.html.tmpl button_name = "Change Data Set" %] <input type="hidden" name="action" value="alter"> + <input type="hidden" name="token" + value="[% issue_hash_token([default.id, default.name]) FILTER html %]"> [% IF default.series_id %] <input type="hidden" name="series_id" value="[% default.series_id %]"> diff --git a/template/en/default/search/search-create-series.html.tmpl b/template/en/default/search/search-create-series.html.tmpl index 2aa5224c4..468324abd 100644 --- a/template/en/default/search/search-create-series.html.tmpl +++ b/template/en/default/search/search-create-series.html.tmpl @@ -54,6 +54,7 @@ [% PROCESS reports/series.html.tmpl button_name = "Create Data Set" %] <input type="hidden" name="action" value="create"> + <input type="hidden" name="token" value="[% issue_hash_token(['create-series']) FILTER html %]"> <script type="text/javascript"> document.chartform.category[0].selected = true; |