authorFrédéric Buclin <LpSolit@gmail.com>2011-01-24 18:04:59 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-01-24 18:04:59 +0100
commitf6c4abda55c83a53d32d5958cc9c81a602423c89 (patch)
tree9778fcd7fea9c2fc0bf3b13f68113efa22c7ce3c /extensions
parent4ab5bc9f4c4ba4a7b20ebf00466f9b2de67f311d (diff)
downloadbugzilla-f6c4abda55c83a53d32d5958cc9c81a602423c89.tar.gz
bugzilla-f6c4abda55c83a53d32d5958cc9c81a602423c89.tar.xz
Bug 621107: [SECURITY] Sanity checking lacks CSRF protection
r=dkl a=LpSolit
Diffstat (limited to 'extensions')
-rw-r--r--extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl3
-rw-r--r--extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl3
2 files changed, 4 insertions, 2 deletions
diff --git a/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl b/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
index 8a825e57c..639752ed5 100644
--- a/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Example/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -27,7 +27,8 @@
<a href="editusers.cgi?id=[% userid FILTER none %]">Edit this user</a>.
[% END %]
[% ELSIF san_tag == "example_check_au_user_prompt" %]
- <a href="sanitycheck.cgi?example_repair_au_user=1">Fix these users</a>.
+ <a href="sanitycheck.cgi?example_repair_au_user=1&amp;token=
+ [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Fix these users</a>.
[% ELSIF san_tag == "example_repair_au_user_start" %]
<em>EXAMPLE PLUGIN</em> - OK, would now make users Australian.
[% ELSIF san_tag == "example_repair_au_user_end" %]
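Review bot: The added `token=` parameter in the `example_check_au_user_prompt` branch only issues the token; the code that checks it is not in this diff (the diffstat is limited to 'extensions'), so confirm that sanitycheck.cgi validates the token before the extension's `example_repair_au_user` handling runs, otherwise the link remains forgeable. The repair is also still triggered by a GET link, so the token will be written to web-server logs and browser history and may travel in Referer headers; a small POST form with the token in a hidden field would avoid that exposure. Because the Example extension is what extension authors copy from, a template comment above the link such as `[%# Repair links change data and must carry the sanitycheck token %]` would make the requirement explicit. The same points apply to the `rebuild_vote_cache` link in the Voting template.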
diff --git a/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl b/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
index afb81d34c..bbf0350a1 100644
--- a/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
+++ b/extensions/Voting/template/en/default/hook/admin/sanitycheck/messages-statuses.html.tmpl
@@ -19,7 +19,8 @@
#%]
[% IF san_tag == "voting_cache_rebuild_fix" %]
- <a href="sanitycheck.cgi?rebuild_vote_cache=1">Click here to
+ <a href="sanitycheck.cgi?rebuild_vote_cache=1&amp;token=
+ [%- issue_hash_token(['sanitycheck']) FILTER uri %]">Click here to
rebuild the vote cache</a>
[% ELSIF san_tag == "voting_cache_alert" %]