Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk

3 files changed, 3 insertions, 2 deletions

diff --git a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
index d29c124d6..4cd001476 100644
--- a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
+++ b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
@@ -111,6 +111,7 @@
     <input type="hidden" name="action" value="delete">
     <input type="hidden" name="field" value="[% field FILTER html %]">
     <input type="hidden" name="value" value="[% value FILTER html %]">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
   </form>
 
 [% END %]
diff --git a/template/en/default/admin/fieldvalues/create.html.tmpl b/template/en/default/admin/fieldvalues/create.html.tmpl
index c0d364416..2e87af053 100644
--- a/template/en/default/admin/fieldvalues/create.html.tmpl
+++ b/template/en/default/admin/fieldvalues/create.html.tmpl
@@ -42,7 +42,7 @@
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
   <input type="hidden" name='field' value="[% field FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>
diff --git a/template/en/default/admin/fieldvalues/edit.html.tmpl b/template/en/default/admin/fieldvalues/edit.html.tmpl
index 362ed4753..7ff3c0e33 100644
--- a/template/en/default/admin/fieldvalues/edit.html.tmpl
+++ b/template/en/default/admin/fieldvalues/edit.html.tmpl
@@ -55,8 +55,8 @@
   <input type="hidden" name="sortkeyold" value="[% sortkey FILTER html %]">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="field" value="[% field FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="update" value="Update">
-
 </form>
 
 <p>