author | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2012-08-06 23:41:47 +0200 |
commit | aefdf269ff52f02c16a350329f485c041479507e (patch) | |
tree | 7e85a557856831bc141467b831da5c4b5cbb3966 /template/en/default/account/auth/login.html.tmpl | |
parent | 27c63156086ffae3486ec16babe81abdced65be3 (diff) | |
Bug 706271: CSRF vulnerability in token.cgi allows possible unauthorized password reset e-mail request
r=reed a=LpSolit
Diffstat (limited to 'template/en/default/account/auth/login.html.tmpl')
-rw-r--r-- | template/en/default/account/auth/login.html.tmpl | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index d0a0ef871..0a8a3d3b8 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -108,6 +108,7 @@ enter your login name below and submit a request to change your password.<br> <input size="35" name="loginname"> + <input type="hidden" id="token" name="token" value="[% issue_hash_token(['reqpw']) FILTER html %]"> <input type="submit" id="request" value="Reset Password"> </form> [% END %] |
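Review bot: The added hidden `token` input only closes the CSRF hole if the handler that receives this form rejects a password-reset request whose token is missing or invalid. That check is not visible in this diff, which is limited to login.html.tmpl, so confirm the server-side validation for the 'reqpw' token lands in the same commit. The only data passed to `issue_hash_token` is the constant `['reqpw']`, and this form is shown to users who are not logged in, so whether another site can predict the value depends entirely on what `issue_hash_token` mixes in beyond that argument; a short comment in the template or the handler saying what the token is bound to would help. Any other template that submits the same reset request needs the same hidden field, otherwise it will either stop working or remain unprotected. Finally, `id="token"` is a generic id: if another form rendered on the same page also carries a token field with that id, the page ends up with duplicate ids, so consider dropping the id or making it specific to this form.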