diff options
author | lpsolit%gmail.com <> | 2009-02-02 19:48:38 +0100 |
---|---|---|
committer | lpsolit%gmail.com <> | 2009-02-02 19:48:38 +0100 |
commit | 44341577cd209d8c61fe4129ea72785fc7be9ee5 (patch) | |
tree | 794b09b93c8bb68d00b72f23872048a519d7dcaf /template/en/default/list/list.html.tmpl | |
parent | 95c875a4f1b3c7f5dc7de573551f24e72718506b (diff) | |
download | bugzilla-44341577cd209d8c61fe4129ea72785fc7be9ee5.tar.gz bugzilla-44341577cd209d8c61fe4129ea72785fc7be9ee5.tar.xz |
Bug 466748: [SECURITY] Shared/saved searches can be deleted without user confirmation using predictable URL - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=LpSolit
Diffstat (limited to 'template/en/default/list/list.html.tmpl')
-rw-r--r-- | template/en/default/list/list.html.tmpl | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/template/en/default/list/list.html.tmpl b/template/en/default/list/list.html.tmpl index 4929c416d..a75f1340c 100644 --- a/template/en/default/list/list.html.tmpl +++ b/template/en/default/list/list.html.tmpl @@ -228,8 +228,9 @@ <td valign="middle" nowrap="nowrap" class="bz_query_forget"> | <a href="buglist.cgi?cmdtype=dorem&remaction=forget&namedcmd= - [% searchname FILTER url_quote %]">Forget Search ' - [% searchname FILTER html %]'</a> + [% searchname FILTER url_quote %]&token= + [% issue_hash_token([search_id, searchname]) FILTER url_quote %]"> + Forget Search '[% searchname FILTER html %]'</a> </td> [% ELSE %] <td> </td> |