summaryrefslogtreecommitdiffstats
path: root/extensions/BMO
diff options
context:
space:
mode:
authorDave Lawrence <dlawrence@mozilla.com>2012-04-04 23:11:12 +0200
committerDave Lawrence <dlawrence@mozilla.com>2012-04-04 23:11:12 +0200
commit74aa3e30fbb81922c3d566e98fe8d734d93b8259 (patch)
tree199466a698462c9d91d98a608e2101ebc8eb751e /extensions/BMO
parent672bb2b2765078f8ccb9058180f27816bc60c4e3 (diff)
downloadbugzilla-74aa3e30fbb81922c3d566e98fe8d734d93b8259.tar.gz
bugzilla-74aa3e30fbb81922c3d566e98fe8d734d93b8259.tar.xz
Backport of Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible unauthorized account creation e-mail request
Diffstat (limited to 'extensions/BMO')
-rw-r--r--extensions/BMO/template/en/default/account/create.html.tmpl1
1 files changed, 1 insertions, 0 deletions
diff --git a/extensions/BMO/template/en/default/account/create.html.tmpl b/extensions/BMO/template/en/default/account/create.html.tmpl
index e559f2d8c..6ca32dfd5 100644
--- a/extensions/BMO/template/en/default/account/create.html.tmpl
+++ b/extensions/BMO/template/en/default/account/create.html.tmpl
@@ -146,6 +146,7 @@ function onSubmit() {
<td>
<input size="35" id="login" name="login" placeholder="you@example.com">[% Param('emailsuffix') FILTER html %]</td>
<td>
+ <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]">
<input type="submit" value="Create Account">
</td>
</tr>