diff options
author | lpsolit%gmail.com <> | 2009-02-02 19:21:09 +0000 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 19:21:09 +0000 |
commit | d5d928102e575599296421f3334e9f8c82ae5292 (patch) | |
tree | 2f49bc4fb306ee03a76ba447b550d47f18b1b2b7 /template | |
parent | 9c49307f5c2f5a67ab5b3b1270cc83b30efa8637 (diff) | |
download | bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.gz bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.bz2 bugs-d5d928102e575599296421f3334e9f8c82ae5292.tar.xz bugs-d5d928102e575599296421f3334e9f8c82ae5292.zip |
Bug 472362: [SECURITY] Malicious attachments can change your user settings (user + email prefs, shared searches) - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wicked a=LpSolit
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/account/prefs/prefs.html.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/prefs/prefs.html.tmpl b/template/en/default/account/prefs/prefs.html.tmpl index ed9cbce72..71e411d86 100644 --- a/template/en/default/account/prefs/prefs.html.tmpl +++ b/template/en/default/account/prefs/prefs.html.tmpl @@ -85,6 +85,7 @@ [% IF current_tab.saveable %] <form name="userprefsform" method="post" action="userprefs.cgi"> <input type="hidden" name="tab" value="[% current_tab.name %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> [% END %] [% PROCESS "account/prefs/${current_tab.name}.html.tmpl" |