author: David Lawrence <dkl@mozilla.com> 2014-11-04 04:11:09 +0100
committer: Byron Jones <glob@mozilla.com> 2014-11-04 04:11:09 +0100
commit: 4e1941fedbe46bafce9aded3a0a38d272fec37a2
tree: 633351ada50932ec6b747705b95e0bd04e39f05e /template/en/default/admin
parent: d6ee5ade172abe24389aca15eba9fe922b5697c7
Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for login forms
Diffstat (limited to 'template/en/default/admin')
-rw-r--r-- template/en/default/admin/sudo.html.tmpl 5
1 files changed, 3 insertions, 2 deletions
diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl
index 676959c34..beb7ba510 100644
--- a/template/en/default/admin/sudo.html.tmpl
+++ b/template/en/default/admin/sudo.html.tmpl
@@ -81,9 +81,10 @@
<p>
Finally, enter <label for="Bugzilla_password">your [% terms.Bugzilla %]
password</label>:
- <input type="hidden" name="Bugzilla_login" value="
- [%- user.login FILTER html %]">
+ <input type="hidden" name="Bugzilla_login" value="[% user.login FILTER html %]">
<input type="password" id="Bugzilla_password" name="Bugzilla_password" size="20">
+ <input type="hidden" name="Bugzilla_login_token"
+ value="[% login_request_token FILTER html %]">
<br>
This is done for two reasons. First of all, it is done to reduce
the chances of someone doing large amounts of damage using your
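Review bot: The new hidden Bugzilla_login_token field takes its value from login_request_token, but this view is limited to template/en/default/admin, so nothing here shows that the code rendering sudo.html.tmpl sets that variable. If it is undefined, the field renders as value="" and the form posts an empty token. Please confirm that the caller populates login_request_token for this page and that the login handler rejects a missing or empty Bugzilla_login_token rather than treating it as absent-and-fine; a short template comment noting which variable the page expects would also help. The change to Bugzilla_login from the two-line [%- form to a single line looks equivalent, since both avoid whitespace inside the value attribute.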