diff options
author | Simon Bennetts <psiinon@gmail.com> | 2018-04-04 19:21:33 +0200 |
---|---|---|
committer | Israel Madueme <purelogiq@gmail.com> | 2018-04-04 19:21:33 +0200 |
commit | fe259aba572e08df22557251ca9279f512f6862c (patch) | |
tree | 5f6428a14dd727c0c3136352413a0a28718f8cda /template/en/default/reports | |
parent | 3d6e2fb15c254d2d8fe75dc0307a4b0fd3e62865 (diff) | |
download | bugzilla-fe259aba572e08df22557251ca9279f512f6862c.tar.gz bugzilla-fe259aba572e08df22557251ca9279f512f6862c.tar.xz |
Bug 1446431 - Allow Baseline scan to ignore forms that dont need CSRF Tokens
The data-no-csrf attribute is used to signify that a form is 'safe' (ie
doesn't actually make any permanent changes) and so doesn't need an
anti-csrf token.
Diffstat (limited to 'template/en/default/reports')
-rw-r--r-- | template/en/default/reports/duplicates.html.tmpl | 4 | ||||
-rw-r--r-- | template/en/default/reports/old-charts.html.tmpl | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/template/en/default/reports/duplicates.html.tmpl b/template/en/default/reports/duplicates.html.tmpl index ff1c271fe..ed3e7b8ac 100644 --- a/template/en/default/reports/duplicates.html.tmpl +++ b/template/en/default/reports/duplicates.html.tmpl @@ -60,7 +60,7 @@ <h3 id="params">Change Parameters</h3> -<form method="get" action="duplicates.cgi"> +<form method="get" action="duplicates.cgi" data-no-csrf> <input type="hidden" name="sortby" value="[% sortby FILTER html %]"> <input type="hidden" name="reverse" value="[% reverse FILTER html %]"> <input type="hidden" name="bug_id" value="[% bug_ids_string FILTER html %]"> @@ -127,7 +127,7 @@ <input type="submit" id="change" value="Change"> </form> -<form method="post" action="buglist.cgi"> +<form method="post" action="buglist.cgi" data-no-csrf> <input type="hidden" name="bug_id" value="[% bug_ids_string FILTER html %]"> Or just give this to me as a <input type="submit" id="list" value="[% terms.bug %] list">. diff --git a/template/en/default/reports/old-charts.html.tmpl b/template/en/default/reports/old-charts.html.tmpl index 4bdc0cffa..38e17121b 100644 --- a/template/en/default/reports/old-charts.html.tmpl +++ b/template/en/default/reports/old-charts.html.tmpl @@ -32,7 +32,7 @@ <img src="[% url_image FILTER html %]"> <br clear="both"> [% ELSE %] - <form id="choose_product" method="get" action="reports.cgi"> + <form id="choose_product" method="get" action="reports.cgi" data-no-csrf> <table border="1" cellpadding="5" cellspacing="2"> <tr> <th>Product:</th> |