diff options
| author | David Lawrence <dlawrence@mozilla.com> | 2011-01-06 23:02:28 -0500 |
|---|---|---|
| committer | David Lawrence <dlawrence@mozilla.com> | 2011-01-06 23:02:28 -0500 |
| commit | aa94254a92a7d1c4f09275b5937c3eae7300dad6 (patch) | |
| tree | 64bbd301a0251b2f89d0d16ca80958f3357ba512 /template/en/default/list/list.html.tmpl | |
| parent | 8cea190794a75022d3d95932b5895a21afb0b298 (diff) | |
| download | bugs-aa94254a92a7d1c4f09275b5937c3eae7300dad6.tar bugs-aa94254a92a7d1c4f09275b5937c3eae7300dad6.tar.gz bugs-aa94254a92a7d1c4f09275b5937c3eae7300dad6.tar.bz2 bugs-aa94254a92a7d1c4f09275b5937c3eae7300dad6.tar.xz bugs-aa94254a92a7d1c4f09275b5937c3eae7300dad6.zip | |
Bug 621090 - [SECURITY] Adding saved searches lacks CSRF protection
r/a=mkanat
Diffstat (limited to 'template/en/default/list/list.html.tmpl')
| -rw-r--r-- | template/en/default/list/list.html.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl index 4ebc7194c..924ce23dc 100644 --- a/template/en/default/list/list.html.tmpl +++ b/template/en/default/list/list.html.tmpl @@ -253,6 +253,7 @@ value="[% urlquerypart FILTER html %][% "&order=$qorder" FILTER html IF order %]"> <input type="hidden" name="cmdtype" value="doit"> <input type="hidden" name="remtype" value="asnamed"> + <input type="hidden" name="token" value="[% issue_hash_token(['savedsearch']) FILTER html %]"> <input type="text" id="save_newqueryname" name="newqueryname" size="20" value="[% defaultsavename FILTER html %]"> </form> |