Bug 1157395: CSRF in log in form

author: David Lawrence <dkl@mozilla.com> 2015-04-24 17:56:26 +0200
committer: David Lawrence <dkl@mozilla.com> 2015-04-24 17:56:26 +0200
commit: 283be21f66e638667bc2ec7720cab459ecf1f698 (patch)
tree: cdbfbb79d503373bb2058a96f369cf75542dbe3b /template/en/default/global
parent: ed92da4fed393bb0f645f7bad022d49fed336a2f (diff)
download: bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.gz
bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 250ab0e1d..5e83eef14 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -244,6 +244,15 @@
 
     [% Hook.process("auth_failure") %]
 
+  [% ELSIF error == "auth_untrusted_request" %]
+    [% title = "Untrusted Authentication Request" %]
+    You tried to log in using the <em>[% login FILTER html %]</em> account,
+    but [% terms.Bugzilla %] is unable to trust your request. Make sure
+    your web browser accepts cookies and that you haven't been redirected
+    here from an external web site.
+    <a href="index.cgi?GoAheadAndLogIn=1">Click here</a> if you really want
+    to log in.
+
   [% ELSIF error == "auth_invalid_token" %]
     [% title = 'A token error occurred' %]
     The token is not valid. It could be because you loaded this page more than
author	David Lawrence <dkl@mozilla.com>	2015-04-24 17:56:26 +0200
committer	David Lawrence <dkl@mozilla.com>	2015-04-24 17:56:26 +0200
commit	283be21f66e638667bc2ec7720cab459ecf1f698 (patch)
tree	cdbfbb79d503373bb2058a96f369cf75542dbe3b /template/en/default/global
parent	ed92da4fed393bb0f645f7bad022d49fed336a2f (diff)
download	bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.gz bugzilla-283be21f66e638667bc2ec7720cab459ecf1f698.tar.xz