Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk

3 files changed, 3 insertions, 2 deletions

diff --git a/template/en/default/admin/versions/confirm-delete.html.tmpl b/template/en/default/admin/versions/confirm-delete.html.tmpl
index feef86035..5d5fb8193 100644
--- a/template/en/default/admin/versions/confirm-delete.html.tmpl
+++ b/template/en/default/admin/versions/confirm-delete.html.tmpl
@@ -92,6 +92,7 @@
     <input type="hidden" name="action" value="delete">
     <input type="hidden" name="product" value="[% product.name FILTER html %]">
     <input type="hidden" name="version" value="[% version.name FILTER html %]">
+    <input type="hidden" name="token" value="[% token FILTER html %]">
   </form>
 
 [% END %]
diff --git a/template/en/default/admin/versions/create.html.tmpl b/template/en/default/admin/versions/create.html.tmpl
index 44d43cab4..c421ab12b 100644
--- a/template/en/default/admin/versions/create.html.tmpl
+++ b/template/en/default/admin/versions/create.html.tmpl
@@ -43,7 +43,7 @@
   <input type="submit" id="create" value="Add">
   <input type="hidden" name="action" value="new">
   <input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+  <input type="hidden" name="token" value="[% token FILTER html %]">
 </form>
 
 <p>
diff --git a/template/en/default/admin/versions/edit.html.tmpl b/template/en/default/admin/versions/edit.html.tmpl
index 7f0de2677..cfdfd4981 100644
--- a/template/en/default/admin/versions/edit.html.tmpl
+++ b/template/en/default/admin/versions/edit.html.tmpl
@@ -48,8 +48,8 @@
   <input type="hidden" name="versionold" value="[% version.name FILTER html %]">
   <input type="hidden" name="action" value="update">
   <input type="hidden" name="product" value="[% product.name FILTER html %]">
+  <input type="hidden" name="token" value="[% token FILTER html %]">
   <input type="submit" id="update" value="Update">
-
 </form>
 
 <p>