diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
commit | aefdf269ff52f02c16a350329f485c041479507e (patch) | |
tree | 7e85a557856831bc141467b831da5c4b5cbb3966 /template/en/default/account/auth/login-small.html.tmpl | |
parent | 27c63156086ffae3486ec16babe81abdced65be3 (diff) | |
download | bugzilla-aefdf269ff52f02c16a350329f485c041479507e.tar.gz bugzilla-aefdf269ff52f02c16a350329f485c041479507e.tar.xz |
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
r=reed a=LpSolit
Diffstat (limited to 'template/en/default/account/auth/login-small.html.tmpl')
-rw-r--r-- | template/en/default/account/auth/login-small.html.tmpl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl index c922e94ac..19269ea49 100644 --- a/template/en/default/account/auth/login-small.html.tmpl +++ b/template/en/default/account/auth/login-small.html.tmpl @@ -20,8 +20,8 @@ [% IF cgi.request_method == "GET" AND cgi.query_string %] [% connector = "&" %] [% END %] - [% script_name = login_target _ connector _ "GoAheadAndLogIn=1" %] - <a id="login_link[% qs_suffix %]" href="[% script_name FILTER html %]" + [% script_url = login_target _ connector _ "GoAheadAndLogIn=1" %] + <a id="login_link[% qs_suffix %]" href="[% script_url FILTER html %]" onclick="return show_mini_login_form('[% qs_suffix %]')">Log In</a> [% Hook.process('additional_methods') %] @@ -98,7 +98,7 @@ </li> <li id="forgot_container[% qs_suffix %]"> <span class="separator">| </span> - <a id="forgot_link[% qs_suffix %]" href="[% script_name FILTER html %]#forgot" + <a id="forgot_link[% qs_suffix %]" href="[% script_url FILTER html %]#forgot" onclick="return show_forgot_form('[% qs_suffix %]')">Forgot Password</a> <form action="token.cgi" method="post" id="forgot_form[% qs_suffix %]" class="mini_forgot bz_default_hidden"> @@ -107,6 +107,7 @@ <input id="forgot_button[% qs_suffix %]" value="Reset Password" type="submit"> <input type="hidden" name="a" value="reqpw"> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> <a href="#" onclick="return hide_forgot_form('[% qs_suffix %]')">[x]</a> </form> </li> |