diff options
| author | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
| commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
| tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /template/en/default/admin/products | |
| parent | 6fcfcb93eda16108f71b4c96010bae95cde622cd (diff) | |
| download | bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.gz bugzilla-93815fc7619567cc962e053280c5ed0b19492feb.tar.xz | |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'template/en/default/admin/products')
4 files changed, 4 insertions, 0 deletions
diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl index 75aeb623a..84f8da569 100644 --- a/template/en/default/admin/products/confirm-delete.html.tmpl +++ b/template/en/default/admin/products/confirm-delete.html.tmpl @@ -263,6 +263,7 @@ <input type="submit" id="delete" value="Yes, delete"> <input type="hidden" name="action" value="delete"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> </form> diff --git a/template/en/default/admin/products/create.html.tmpl b/template/en/default/admin/products/create.html.tmpl index fd1ed34cc..5fb7d8bd1 100644 --- a/template/en/default/admin/products/create.html.tmpl +++ b/template/en/default/admin/products/create.html.tmpl @@ -57,6 +57,7 @@ <input type="hidden" name="subcategory" value="-All-"> <input type="hidden" name="open_name" value="All Open"> <input type="hidden" name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> </form> diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl index 105ec6e74..0371e3343 100644 --- a/template/en/default/admin/products/edit.html.tmpl +++ b/template/en/default/admin/products/edit.html.tmpl @@ -132,6 +132,7 @@ versions:</a> <input type="hidden" name="product_old_name" value="[% product.name FILTER html %]"> <input type="hidden" name="action" value="update"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> <input type="submit" name="submit" value="Update"> diff --git a/template/en/default/admin/products/groupcontrol/edit.html.tmpl b/template/en/default/admin/products/groupcontrol/edit.html.tmpl index 174d15869..32b5e9d8c 100644 --- a/template/en/default/admin/products/groupcontrol/edit.html.tmpl +++ b/template/en/default/admin/products/groupcontrol/edit.html.tmpl @@ -31,6 +31,7 @@ <form method="post" action="editproducts.cgi"> <input type="hidden" name="action" value="updategroupcontrols"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> |