Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request

r=reed a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2012-08-06 23:44:33 +0200
committer: Frédéric Buclin <LpSolit@gmail.com> 2012-08-06 23:44:33 +0200
commit: 2137f365677d836e3d3c55c81634d0f732fecdfe (patch)
tree: 6b54af2c845acd8588dbe41cfb84f347a69d8ee8 /template/en/default/account/auth/login.html.tmpl
parent: 94abbb03a8db4179bdd7fe5edccb077e8908d114 (diff)
download: bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.gz
bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl
index 122ef6f7c..3de52b6a0 100644
--- a/template/en/default/account/auth/login.html.tmpl
+++ b/template/en/default/account/auth/login.html.tmpl
@@ -115,6 +115,7 @@
       enter your login name below and submit a request
       to change your password.<br>
       <input size="35" name="loginname">
+      <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]">
       <input type="submit" id="request" value="Reset Password">
     </form>
   [% END %]
author	Frédéric Buclin <LpSolit@gmail.com>	2012-08-06 23:44:33 +0200
committer	Frédéric Buclin <LpSolit@gmail.com>	2012-08-06 23:44:33 +0200
commit	2137f365677d836e3d3c55c81634d0f732fecdfe (patch)
tree	6b54af2c845acd8588dbe41cfb84f347a69d8ee8 /template/en/default/account/auth/login.html.tmpl
parent	94abbb03a8db4179bdd7fe5edccb077e8908d114 (diff)
download	bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.gz bugzilla-2137f365677d836e3d3c55c81634d0f732fecdfe.tar.xz