author | David Lawrence <dkl@mozilla.com> | 2014-11-04 04:11:09 +0100 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-11-04 04:11:09 +0100 |
commit | 4e1941fedbe46bafce9aded3a0a38d272fec37a2 (patch) | |
tree | 633351ada50932ec6b747705b95e0bd04e39f05e /template/en/default/account/auth | |
parent | d6ee5ade172abe24389aca15eba9fe922b5697c7 (diff) | |
Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for login forms
Diffstat (limited to 'template/en/default/account/auth')
-rw-r--r-- | template/en/default/account/auth/login-small.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/account/auth/login.html.tmpl | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/template/en/default/account/auth/login-small.html.tmpl b/template/en/default/account/auth/login-small.html.tmpl index 220eb5f21..111aca0dd 100644 --- a/template/en/default/account/auth/login-small.html.tmpl +++ b/template/en/default/account/auth/login-small.html.tmpl @@ -72,7 +72,9 @@ [%+ "checked" IF Param('rememberlogin') == "defaulton" %]> <label for="Bugzilla_remember[% qs_suffix %]">Remember</label> [% END %] - <input type="submit" name="GoAheadAndLogIn" value="Log in" + <input type="hidden" name="Bugzilla_login_token" + value="[% get_login_request_token() FILTER html %]"> + <input type="submit" name="GoAheadAndLogIn" value="Log in" id="log_in[% qs_suffix %]"> <a href="#" id="hide_mini_login[% qs_suffix FILTER html %]" onclick="return hide_mini_login_form('[% qs_suffix %]')">[x]</a> diff --git a/template/en/default/account/auth/login.html.tmpl b/template/en/default/account/auth/login.html.tmpl index 0aac403a5..4501a3962 100644 --- a/template/en/default/account/auth/login.html.tmpl +++ b/template/en/default/account/auth/login.html.tmpl @@ -83,8 +83,10 @@ [% PROCESS "global/hidden-fields.html.tmpl" exclude="^Bugzilla_(login|password|restrictlogin)$" %] + <input type="hidden" name="Bugzilla_login_token" + value="[% get_login_request_token() FILTER html %]"> <input type="submit" name="GoAheadAndLogIn" value="Log in" id="log_in"> - + <p> (Note: you should make sure cookies are enabled for this site. Otherwise, you will be required to log in frequently.) |
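Review bot: In login-small.html.tmpl the new hidden field calls get_login_request_token() inside a form that is parameterised by qs_suffix, so the form can be rendered more than once on a page and the function will run once per instance. Please confirm that repeated calls within one request return the same token; if each call mints a new one and only the latest is accepted, every copy of the form except the last would fail the check. The diffstat here is limited to the template directory, so the code that generates and verifies Bugzilla_login_token is not visible in this view and should be reviewed alongside these templates, in particular that a login request with a missing or empty token is rejected rather than accepted. Separately, the submit line is removed and re-added with identical text, which looks like a whitespace-only change and adds noise to a security backport.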
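Review bot: In login.html.tmpl the exclude pattern passed to global/hidden-fields.html.tmpl is still "^Bugzilla_(login|password|restrictlogin)$", which does not cover the new Bugzilla_login_token field added just below it. If this template is rendered while the request still carries a Bugzilla_login_token parameter (for example after a failed login attempt), the hidden-fields include could re-emit the old value and the form would then submit two Bugzilla_login_token values, one stale and one fresh. Either add login_token to the alternation in the exclude pattern or confirm that the server side removes the parameter before the template is processed. The blank line after the submit button is also removed and re-added, which appears to be a trailing-whitespace change unrelated to the fix.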