author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-22 18:15:42 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-22 18:15:42 +0100 |
commit | 721dfc64e95140c48726738770cd22b71ac36702 (patch) | |
tree | c08aa9dc3fb9e1da20439b81dcb739055757db50 /template/en/default/list | |
parent | 66a3af3269c5e58ed6e27173e7f0331ee581cadf (diff) | |
Bug 621109: Column changing lacks CSRF protection
r=dkl a=mkanat
Diffstat (limited to 'template/en/default/list')
-rw-r--r-- | template/en/default/list/change-columns.html.tmpl | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/template/en/default/list/change-columns.html.tmpl b/template/en/default/list/change-columns.html.tmpl index 77deb503c..b13055c38 100644 --- a/template/en/default/list/change-columns.html.tmpl +++ b/template/en/default/list/change-columns.html.tmpl @@ -121,11 +121,16 @@ <p> <input type="hidden" name="saved_search" value="[% saved_search.id FILTER html%]" > + <input type="hidden" name="token" + value="[% issue_hash_token([saved_search.id, saved_search.name]) FILTER html %]"> <input type="checkbox" id="save_columns_for_search" checked="checked" name="save_columns_for_search" value="1"> <label for="save_columns_for_search">Save this column list only for search '[% saved_search.name FILTER html %]'</label> </p> + [% ELSE %] + <input type="hidden" name="token" + value="[% issue_hash_token(['default-list']) FILTER html %]"> [% END %] <p> |
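Review bot: both new `token` inputs, the one beside the `saved_search` hidden field and the one in the added `[% ELSE %]` branch, only issue a token, and since this view is limited to template/en/default/list the matching check on the receiving side cannot be seen here. Please confirm that the handler for this form rejects a submission whose token is missing or does not match, and that it recomputes the expected value from the same inputs used in the template: `[saved_search.id, saved_search.name]` when a saved search is being edited and `['default-list']` otherwise. Because the first token is bound to `saved_search.name` as well as the id, it is also worth checking what the user sees if the search is renamed between rendering the page and submitting it. A short template comment stating what each token is bound to would help keep the two sides in step.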