authorFrédéric Buclin <LpSolit@gmail.com>2011-01-22 18:15:42 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-01-22 18:15:42 +0100
commit721dfc64e95140c48726738770cd22b71ac36702 (patch)
treec08aa9dc3fb9e1da20439b81dcb739055757db50 /template/en/default/list
parent66a3af3269c5e58ed6e27173e7f0331ee581cadf (diff)
Bug 621109: Column changing lacks CSRF protection
r=dkl a=mkanat
Diffstat (limited to 'template/en/default/list')
-rw-r--r--template/en/default/list/change-columns.html.tmpl5
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/list/change-columns.html.tmpl b/template/en/default/list/change-columns.html.tmpl
index 77deb503c..b13055c38 100644
--- a/template/en/default/list/change-columns.html.tmpl
+++ b/template/en/default/list/change-columns.html.tmpl
@@ -121,11 +121,16 @@
<p>
<input type="hidden" name="saved_search"
value="[% saved_search.id FILTER html%]" >
+ <input type="hidden" name="token"
+ value="[% issue_hash_token([saved_search.id, saved_search.name]) FILTER html %]">
<input type="checkbox" id="save_columns_for_search" checked="checked"
name="save_columns_for_search" value="1">
<label for="save_columns_for_search">Save this column list only
for search '[% saved_search.name FILTER html %]'</label>
</p>
+ [% ELSE %]
+ <input type="hidden" name="token"
+ value="[% issue_hash_token(['default-list']) FILTER html %]">
[% END %]
<p>
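Review bot: The two hidden `token` inputs are built from different data lists (`[saved_search.id, saved_search.name]` in the saved-search branch, `['default-list']` in the new `[% ELSE %]` branch), and nothing in the template records that the form handler must verify against exactly the same list, so a later edit on either side could silently break or weaken the CSRF check. A template comment above each input would pin this, e.g. `[%# CSRF token: the handler must verify it against this same data list %]`. The server-side verification is not visible here (the diffstat is limited to the template directory), so it is worth confirming that the handler rejects a missing or mismatched token for both branches before it saves any column change. The enclosing `<form>` and the opening `[% IF %]` lie outside the hunk; if that form submits by GET, the token would end up in URLs and Referer headers, which should be checked as well.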