diff options
author | David Lawrence <dkl@mozilla.com> | 2015-04-24 17:56:26 +0200 |
---|---|---|
committer | David Lawrence <dkl@mozilla.com> | 2015-04-24 17:56:26 +0200 |
commit | 283be21f66e638667bc2ec7720cab459ecf1f698 (patch) | |
tree | cdbfbb79d503373bb2058a96f369cf75542dbe3b /template/en/default/admin | |
parent | ed92da4fed393bb0f645f7bad022d49fed336a2f (diff) | |
download | bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.gz bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.xz |
Bug 1157395: CSRF in log in form
Diffstat (limited to 'template/en/default/admin')
-rw-r--r-- | template/en/default/admin/sudo.html.tmpl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/template/en/default/admin/sudo.html.tmpl b/template/en/default/admin/sudo.html.tmpl index c96a68ec1..9c0605567 100644 --- a/template/en/default/admin/sudo.html.tmpl +++ b/template/en/default/admin/sudo.html.tmpl @@ -82,9 +82,10 @@ <p> Finally, enter <label for="Bugzilla_password">your [% terms.Bugzilla %] password</label>: - <input type="hidden" name="Bugzilla_login" value=" - [%- user.login FILTER html %]"> + <input type="hidden" name="Bugzilla_login" value="[% user.login FILTER html %]"> <input type="password" id="Bugzilla_password" name="Bugzilla_password" size="20"> + <input type="hidden" name="Bugzilla_login_token" + value="[% login_request_token FILTER html %]"> <br> This is done for two reasons. First of all, it is done to reduce the chances of someone doing large amounts of damage using your |