Bug 1090427: Backport bug 713926 to bmo/4.2 to protect against csrf for login forms

author: David Lawrence <dkl@mozilla.com> 2014-11-04 04:11:09 +0100
committer: Byron Jones <glob@mozilla.com> 2014-11-04 04:11:09 +0100
commit: 4e1941fedbe46bafce9aded3a0a38d272fec37a2 (patch)
tree: 633351ada50932ec6b747705b95e0bd04e39f05e /template/en/default/global/user-error.html.tmpl
parent: d6ee5ade172abe24389aca15eba9fe922b5697c7 (diff)
download: bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.gz
bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index cddf1c5b7..a39bb91b7 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -233,6 +233,15 @@
 
     [% Hook.process("auth_failure") %]
 
+  [% ELSIF error == "auth_untrusted_request" %]
+    [% title = "Untrusted Authentication Request" %]
+    You tried to log in using the <em>[% login FILTER html %]</em> account,
+    but [% terms.Bugzilla %] is unable to trust your request. Make sure
+    your web browser accepts cookies and that you haven't been redirected
+    here from an external web site.
+    <a href="index.cgi?GoAheadAndLogIn=1">Click here</a> if you really want
+    to log in.
+
   [% ELSIF error == "attachment_deletion_disabled" %]
     [% title = "Attachment Deletion Disabled" %]
     Attachment deletion is disabled on this installation.
author	David Lawrence <dkl@mozilla.com>	2014-11-04 04:11:09 +0100
committer	Byron Jones <glob@mozilla.com>	2014-11-04 04:11:09 +0100
commit	4e1941fedbe46bafce9aded3a0a38d272fec37a2 (patch)
tree	633351ada50932ec6b747705b95e0bd04e39f05e /template/en/default/global/user-error.html.tmpl
parent	d6ee5ade172abe24389aca15eba9fe922b5697c7 (diff)
download	bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.gz bugzilla-4e1941fedbe46bafce9aded3a0a38d272fec37a2.tar.xz