author | David Lawrence <dkl@mozilla.com> | 2015-04-24 17:56:26 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-04-24 17:56:26 +0200 |
commit | 283be21f66e638667bc2ec7720cab459ecf1f698 (patch) | |
tree | cdbfbb79d503373bb2058a96f369cf75542dbe3b /Bugzilla/Template.pm | |
parent | ed92da4fed393bb0f645f7bad022d49fed336a2f (diff) | |
Bug 1157395: CSRF in log in form
Diffstat (limited to 'Bugzilla/Template.pm')
-rw-r--r-- | Bugzilla/Template.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Bugzilla/Template.pm b/Bugzilla/Template.pm
index 3664fca81..608d612b8 100644
--- a/Bugzilla/Template.pm
+++ b/Bugzilla/Template.pm
@@ -1040,6 +1040,11 @@ sub create {
 # Allow templates to generate a token themselves.
 'issue_hash_token' => \&Bugzilla::Token::issue_hash_token,
+ 'get_login_request_token' => sub {
+ my $cookie = Bugzilla->cgi->cookie('Bugzilla_login_request_cookie');
+ return $cookie ? issue_hash_token(['login_request', $cookie]) : '';
+ },
+
 'get_api_token' => sub {
 return '' unless Bugzilla->user->id;
 my $cache = Bugzilla->request_cache; |
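Review bot: The new `get_login_request_token` closure returns `''` when `Bugzilla_login_request_cookie` is absent, so the login form can be rendered with an empty token. The CSRF protection then depends on the verifying code rejecting an empty or missing token, and that code is not in this diff, which is limited to Bugzilla/Template.pm. A comment above the closure would make the contract explicit, for example `# Returns '' when no login request cookie is set; the login handler must treat an empty token as invalid.` The truthiness test `$cookie ? ... : ''` also treats a cookie value of `0` as absent, so `defined $cookie && length $cookie` would state the intent more exactly. As a style point, the closure calls `issue_hash_token` unqualified while the entry just above uses `\&Bugzilla::Token::issue_hash_token`; the import is presumably in place, but the qualified name would match. The enclosing `sub create` starts and ends outside the hunk.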