diff options
author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:44:33 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:44:33 +0200 |
commit | 2137f365677d836e3d3c55c81634d0f732fecdfe (patch) | |
tree | 6b54af2c845acd8588dbe41cfb84f347a69d8ee8 /template/en/default/account/auth/login.html.tmpl | |
parent | 94abbb03a8db4179bdd7fe5edccb077e8908d114 (diff) | |
download | bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.gz bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.xz |
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
r=reed a=LpSolit
Diffstat (limited to 'template/en/default/account/auth/login.html.tmpl')
-rw-r--r-- | template/en/default/account/auth/login.html.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index 122ef6f7c..3de52b6a0 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -115,6 +115,7 @@ enter your login name below and submit a request to change your password.<br> <input size="35" name="loginname"> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> <input type="submit" id="request" value="Reset Password"> </form> [% END %] |