Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk

3 files changed, 3 insertions, 0 deletions

diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl
index 89123e2bf..0d68524d7 100755
--- a/template/en/default/admin/keywords/confirm-delete.html.tmpl
+++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl
@@ -45,6 +45,7 @@
   <input type="hidden" name="id" value="[% keyword.id FILTER html %]">
   <input type="hidden" name="action" value="delete">
   <input type="hidden" name="reallydelete" value="1">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="delete"
          value="Yes, really delete the keyword">
 </form>
diff --git a/template/en/default/admin/keywords/create.html.tmpl b/template/en/default/admin/keywords/create.html.tmpl
index 103aa03b2..45d97819e 100755
--- a/template/en/default/admin/keywords/create.html.tmpl
+++ b/template/en/default/admin/keywords/create.html.tmpl
@@ -51,6 +51,7 @@
   <input type="hidden" name="id" value="-1">
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p><a href="editkeywords.cgi">Edit other keywords</a>.</p>
diff --git a/template/en/default/admin/keywords/edit.html.tmpl b/template/en/default/admin/keywords/edit.html.tmpl
index 0d3beaf33..81f072b8b 100755
--- a/template/en/default/admin/keywords/edit.html.tmpl
+++ b/template/en/default/admin/keywords/edit.html.tmpl
@@ -66,6 +66,7 @@
   <input type="submit" id="update" value="Update">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="id" value="[% keyword.id FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p><a href="editkeywords.cgi">Edit other keywords</a>.</p>