diff options
author | Reed Loden <reed@reedloden.com> | 2012-05-29 16:50:08 +0200 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2012-05-29 16:50:08 +0200 |
commit | 19b514899d02fde1c53916fe0c0a364548c6ab8d (patch) | |
tree | 90e1c43a55d5ba19e7308b8f9a28cb44025a8009 /template/en/default | |
parent | a196f9ce707424901a8d26262c441f56650784f8 (diff) | |
download | bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.gz bugzilla-19b514899d02fde1c53916fe0c0a364548c6ab8d.tar.xz |
Bug 754673 - CSRF vulnerability in query.cgi allows possible unauthorized use of "Set my default search back to the system default"
[r=LpSolit a=LpSolit]
Diffstat (limited to 'template/en/default')
-rw-r--r-- | template/en/default/search/knob.html.tmpl | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/template/en/default/search/knob.html.tmpl b/template/en/default/search/knob.html.tmpl index 78479e7bf..723825a3c 100644 --- a/template/en/default/search/knob.html.tmpl +++ b/template/en/default/search/knob.html.tmpl @@ -62,7 +62,8 @@ [% IF userdefaultquery %] <p> - <a href="query.cgi?nukedefaultquery=1"> + <a href="query.cgi?nukedefaultquery=1&token= + [%- issue_hash_token(['nukedefaultquery']) FILTER uri %]"> Set my default search back to the system default</a>. </p> [% END %] |