diff options
author | David Lawrence <dkl@mozilla.com> | 2014-11-04 04:11:09 +0100 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2014-11-04 04:11:09 +0100 |
commit | 4e1941fedbe46bafce9aded3a0a38d272fec37a2 (patch) | |
tree | 633351ada50932ec6b747705b95e0bd04e39f05e /template/en/default/admin | |
parent | d6ee5ade172abe24389aca15eba9fe922b5697c7 (diff) | |
download | bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.gz bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.xz |
Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for login forms
Diffstat (limited to 'template/en/default/admin')
-rw-r--r-- | template/en/default/admin/sudo.html.tmpl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl index 676959c34..beb7ba510 100644 --- a/template/en/default/admin/sudo.html.tmpl +++ b/template/en/default/admin/sudo.html.tmpl @@ -81,9 +81,10 @@ <p> Finally, enter <label for="Bugzilla_password">your [% terms.Bugzilla %] password</label>: - <input type="hidden" name="Bugzilla_login" value=" - [%- user.login FILTER html %]"> + <input type="hidden" name="Bugzilla_login" value="[% user.login FILTER html %]"> <input type="password" id="Bugzilla_password" name="Bugzilla_password" size="20"> + <input type="hidden" name="Bugzilla_login_token" + value="[% login_request_token FILTER html %]"> <br> This is done for two reasons. First of all, it is done to reduce the chances of someone doing large amounts of damage using your |