aboutsummaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2009-02-02 19:21:09 +0000
committerlpsolit%gmail.com <>2009-02-02 19:21:09 +0000
commitd5d928102e575599296421f3334e9f8c82ae5292 (patch)
tree2f49bc4fb306ee03a76ba447b550d47f18b1b2b7 /template
parent9c49307f5c2f5a67ab5b3b1270cc83b30efa8637 (diff)
downloadbugs-d5d928102e575599296421f3334e9f8c82ae5292.tar
bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.gz
bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.bz2
bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.xz
bugs-d5d928102e575599296421f3334e9f8c82ae5292.zip
Bug 472362: [SECURITY] Malicious attachments can change your user settings (user + email prefs, shared searches) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
Diffstat (limited to 'template')
-rw-r--r--template/en/default/account/prefs/prefs.html.tmpl1
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/prefs/prefs.html.tmpl b/template/en/default/account/prefs/prefs.html.tmpl
index ed9cbce72..71e411d86 100644
--- a/template/en/default/account/prefs/prefs.html.tmpl
+++ b/template/en/default/account/prefs/prefs.html.tmpl
@@ -85,6 +85,7 @@
[% IF current_tab.saveable %]
<form name="userprefsform" method="post" action="userprefs.cgi">
<input type="hidden" name="tab" value="[% current_tab.name %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% END %]
[% PROCESS "account/prefs/${current_tab.name}.html.tmpl"