author | David Lawrence <dlawrence@mozilla.com> | 2011-01-24 14:35:31 -0500 |
---|---|---|
committer | David Lawrence <dlawrence@mozilla.com> | 2011-01-24 14:35:31 -0500 |
commit | ad1e3aef99b806d7f4a5bd18aa0c8cc6102f62e6 (patch) | |
tree | e06da7523a0a54ca0e8f6c7d63185a1d76fa6607 /extensions/Voting/template/en/default/voting/delete-all.html.tmpl | |
parent | 9244270a7d1ca49e315a98c24d51bf405bfa2880 (diff) | |
Bug 621105 - [SECURITY] Voting lacks CSRF protection
r=mkanat,a=LpSolit
Diffstat (limited to 'extensions/Voting/template/en/default/voting/delete-all.html.tmpl')
-rw-r--r-- | extensions/Voting/template/en/default/voting/delete-all.html.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl index 82ddc3596..f0d3b7e13 100644 --- a/extensions/Voting/template/en/default/voting/delete-all.html.tmpl +++ b/extensions/Voting/template/en/default/voting/delete-all.html.tmpl @@ -35,6 +35,7 @@ <form action="page.cgi?id=voting/user.html" method="post"> <input type="hidden" name="action" value="vote"> + <input type="hidden" name="token" value="[% issue_hash_token(['vote']) FILTER html %]"> <p> <input type="radio" name="delete_all_votes" value="1"> Yes, delete all my votes |
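Review bot: the added hidden `token` input on the `+` line only supplies a value; nothing visible in this file's diff shows the handler behind `page.cgi?id=voting/user.html` rejecting a POST whose token is missing or does not match `['vote']`. The diffstat here is limited to this template, so confirm that the rest of the commit validates the token server-side against the same `['vote']` data before `delete_all_votes` is acted on, and that a request carrying no `token` parameter fails instead of falling through to the old behaviour. The token is also scoped to the generic `vote` action rather than to this delete form, so it is interchangeable with a token issued by any other form that calls `issue_hash_token(['vote'])`; that is fine if all of them post to the same `action=vote` handler, but a short template comment stating that would help the next reader.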