Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"

[r=LpSolit a=LpSolit]
author: Reed Loden <reed@reedloden.com> 2012-05-29 16:52:31 +0200
committer: Reed Loden <reed@reedloden.com> 2012-05-29 16:52:31 +0200
commit: 3004a5e322c3a95c7e51978b917f1547c382bac9 (patch)
tree: 42b14a780baf09a83b2e6fe872a4f6a64f45a7d7 /template/en/default/search
parent: 6bf31c24a131b4a1694ce7c9686b85cfc6195532 (diff)
download: bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.gz
bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl
index 17ff63a10..a50f6bd32 100644
--- a/template/en/default/search/knob.html.tmpl
+++ b/template/en/default/search/knob.html.tmpl
@@ -79,7 +79,8 @@
         
 [% IF userdefaultquery %]
   <p>
-    <a href="query.cgi?nukedefaultquery=1">
+    <a href="query.cgi?nukedefaultquery=1&amp;token=
+       [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]">
       Set my default search back to the system default</a>.
   </p>
 [% END %]
author	Reed Loden <reed@reedloden.com>	2012-05-29 16:52:31 +0200
committer	Reed Loden <reed@reedloden.com>	2012-05-29 16:52:31 +0200
commit	3004a5e322c3a95c7e51978b917f1547c382bac9 (patch)
tree	42b14a780baf09a83b2e6fe872a4f6a64f45a7d7 /template/en/default/search
parent	6bf31c24a131b4a1694ce7c9686b85cfc6195532 (diff)
download	bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.gz bugzilla-3004a5e322c3a95c7e51978b917f1547c382bac9.tar.xz