author | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2006-10-15 07:02:09 +0200 |
commit | 93815fc7619567cc962e053280c5ed0b19492feb (patch) | |
tree | ffc99d8156c41fbd0d5ab8801324adead2ef4436 /template/en/default | |
parent | 6fcfcb93eda16108f71b4c96010bae95cde622cd (diff) | |
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'template/en/default')
39 files changed, 140 insertions, 39 deletions
diff --git a/template/en/default/admin/classifications/add.html.tmpl b/template/en/default/admin/classifications/add.html.tmpl index 15b8fc3a2..d549bbc79 100644 --- a/template/en/default/admin/classifications/add.html.tmpl +++ b/template/en/default/admin/classifications/add.html.tmpl @@ -49,6 +49,7 @@ <hr> <input type=submit value="Add"> <input type=hidden name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </FORM> <p>Back to the <a href="./">main [% terms.bugs %] page</a> diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl index 84c3cb197..ffb8fe065 100644 --- a/template/en/default/admin/classifications/del.html.tmpl +++ b/template/en/default/admin/classifications/del.html.tmpl @@ -56,6 +56,7 @@ <input type=submit value="Yes, delete"> <input type=hidden name="action" value="delete"> <input type=hidden name="classification" value="[% classification.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p>Back to the <a href="./">main [% terms.bugs %] page</a> diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl index b56a401f4..923a79f5e 100644 --- a/template/en/default/admin/classifications/edit.html.tmpl +++ b/template/en/default/admin/classifications/edit.html.tmpl @@ -77,6 +77,7 @@ <input type=hidden name="classificationold" value="[% classification.name FILTER html %]"> <input type=hidden name="action" value="update"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type=submit value="Update"> </form> diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl index 0db2fc265..113c6f630 100644 --- a/template/en/default/admin/classifications/reclassify.html.tmpl 
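Review bot: The new `token` template variable is introduced here with no template-side documentation of which action it must be issued for, and the same undocumented line recurs in the `del`, `edit` and `reclassify` classification templates and in the component, custom-field, field-value, group, keyword, milestone, product, settings, user, version, params and whine templates further down. admin/confirm-action.html.tmpl in this commit compares a `token_action` with an `expected_action`, which suggests a token is bound to one action, so a template rendered with a token issued for a different action would presumably fail only at submit time. I would add a line such as `[%# token: token issued by the calling script for this form's action; validated on submit. %]` to each template's header comment. The hunk starts at line 49 of the file, so the header comment itself is outside this view.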
+++ b/template/en/default/admin/classifications/reclassify.html.tmpl @@ -82,6 +82,7 @@ <input type=hidden name="action" value="reclassify"> <input type=hidden name="classification" value="[% classification.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p>Back to the <a href="./">main [% terms.bugs %] page</a>, diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl index e7e00636e..1d7553f83 100644 --- a/template/en/default/admin/components/confirm-delete.html.tmpl +++ b/template/en/default/admin/components/confirm-delete.html.tmpl @@ -150,6 +150,7 @@ <input type="hidden" name="action" value="delete"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> <input type="hidden" name="component" value="[% comp.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> [% END %] diff --git a/template/en/default/admin/components/create.html.tmpl b/template/en/default/admin/components/create.html.tmpl index 013ee861e..9b4a19bf0 100644 --- a/template/en/default/admin/components/create.html.tmpl +++ b/template/en/default/admin/components/create.html.tmpl @@ -102,7 +102,7 @@ <input type="hidden" name='open_name' value='All Open'> <input type="hidden" name='nonopen_name' value='All Closed'> <input type="hidden" name='product' value="[% product.name FILTER html %]"> - + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> [% PROCESS admin/components/footer.html.tmpl %] diff --git a/template/en/default/admin/components/edit.html.tmpl b/template/en/default/admin/components/edit.html.tmpl index 6ee3a69fe..81a6e9fc2 100644 --- a/template/en/default/admin/components/edit.html.tmpl +++ b/template/en/default/admin/components/edit.html.tmpl 
@@ -119,6 +119,7 @@ <input type="hidden" name="action" value="update"> <input type="hidden" name="componentold" value="[% comp.name FILTER html %]"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" value="Update" id="update"> or <a href="editcomponents.cgi?action=del&product= [%- product.name FILTER url_quote %]&component= diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl new file mode 100644 index 000000000..6e8caa6ac --- /dev/null +++ b/template/en/default/admin/confirm-action.html.tmpl 
@@ -0,0 +1,97 @@ +[%# 1.0@bugzilla.org %] +[%# The contents of this file are subject to the Mozilla Public + # License Version 1.1 (the "License"); you may not use this file + # except in compliance with the License. You may obtain a copy of + # the License at http://www.mozilla.org/MPL/ + # + # Software distributed under the License is distributed on an "AS + # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + # implied. See the License for the specific language governing + # rights and limitations under the License. + # + # The Original Code is the Bugzilla Bug Tracking System. + # + # The Initial Developer of the Original Code is Frédéric Buclin. + # + # Contributor(s): Frédéric Buclin <LpSolit@gmail.com> + #%] + +[%# INTERFACE: + # abuser: identity of the user who created the (invalid?) token. + # token_action: the action the token was supposed to serve. + # expected_action: the action the user was going to do. + # script_name: the script generating this warning. + #%] + +[% PROCESS "global/field-descs.none.tmpl" %] + +[% PROCESS global/header.html.tmpl title = "Suspicious Action" + style_urls = ['skins/standard/global.css'] %] + +[% IF abuser %] + <div class="throw_error"> + <p>When you view an administrative form in [% terms.Bugzilla %], a token string + is randomly generated and stored both in the database and in the form you loaded, + to make sure that the requested changes are being made as a result of submitting + a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now + is incorrect, meaning that it looks like you didn't come from the right page. + The following token has been used :</p> + + <table border="0" cellpadding="5" cellspacing="0"> + [% IF token_action != expected_action %] + <tr> + <th>Action stored:</th> + <td>[% token_action FILTER html %]</td> + </tr> + <tr> + <th> </th> + <td> + This action doesn't match the one expected ([% expected_action FILTER html %]). 
+ </td> + </tr> + [% END %] + + [% IF abuser != user.identity %] + <tr> + <th>Generated by:</th> + <td>[% abuser FILTER html %]</td> + </tr> + <tr> + <th> </th> + <td> + This token has not been generated by you. It is possible that someone + tried to trick you! + </td> + </tr> + [% END %] + </table> + + <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p> + </div> +[% ELSE %] + <div class="throw_error"> + It looks like you didn't come from the right page (you have no valid token for + the <em>[% expected_action FILTER html %]</em> action while processing the + '[% script_name FILTER html%]' script). The reason could be one of:<br> + <ul> + <li>You clicked the "Back" button of your web browser after having successfully + submitted changes, which is generally not a good idea (but harmless).</li> + <li>You entered the URL in the address bar of your web browser directly, + which should be safe.</li> + <li>You clicked on a URL which redirected you here <b>without your consent</b>, + in which case this action is much more critical.</li> + </ul> + Are you sure you want to commit these changes anyway? This may result in + unexpected and undesired results. + </div> + + <form name="check" id="check" method="post" action="[% script_name FILTER html %]"> + [% PROCESS "global/hidden-fields.html.tmpl" + exclude="^(Bugzilla_login|Bugzilla_password)$" %] + <input type="submit" id="confirm" value="Confirm Changes"> + </form> + <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]"> + [%- script_name FILTER html %]</a>.</p> +[% END %] + +[% PROCESS global/footer.html.tmpl %] diff --git a/template/en/default/admin/custom_fields/create.html.tmpl b/template/en/default/admin/custom_fields/create.html.tmpl index e8b66deca..995c4d0a9 100644 --- a/template/en/default/admin/custom_fields/create.html.tmpl +++ b/template/en/default/admin/custom_fields/create.html.tmpl 
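Review bot: The "Confirm Changes" form in the ELSE branch of admin/confirm-action.html.tmpl replays every submitted parameter through `global/hidden-fields.html.tmpl` (only `Bugzilla_login` and `Bugzilla_password` are excluded), yet the page shows the user nothing about those values beyond `expected_action` and `script_name`. Since the text itself says the user may have arrived here without consent, the confirmation is only meaningful if the pending change is visible; I would list the replayed field names and values, each through `FILTER html`, above the submit button. The template also adds no token of its own, so the confirmed POST is presumably accepted because the caller places a freshly issued token among the replayed parameters. That contract belongs in the INTERFACE comment, for example `# The caller must put a freshly issued token in the CGI parameters before rendering; this template only replays it.`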
@@ -102,6 +102,7 @@ </table> <br> <input type="hidden" name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" id="create" value="Create"> </form> diff --git a/template/en/default/admin/custom_fields/edit.html.tmpl b/template/en/default/admin/custom_fields/edit.html.tmpl index 6ffa3d89d..2165ac323 100644 --- a/template/en/default/admin/custom_fields/edit.html.tmpl +++ b/template/en/default/admin/custom_fields/edit.html.tmpl @@ -98,6 +98,7 @@ <br> <input type="hidden" name="action" value="update"> <input type="hidden" name="name" value="[% field.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" id="edit" value="Submit"> </form> diff --git a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl index d29c124d6..4cd001476 100644 --- a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl +++ b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl @@ -111,6 +111,7 @@ <input type="hidden" name="action" value="delete"> <input type="hidden" name="field" value="[% field FILTER html %]"> <input type="hidden" name="value" value="[% value FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> [% END %] diff --git a/template/en/default/admin/fieldvalues/create.html.tmpl b/template/en/default/admin/fieldvalues/create.html.tmpl index c0d364416..2e87af053 100644 --- a/template/en/default/admin/fieldvalues/create.html.tmpl +++ b/template/en/default/admin/fieldvalues/create.html.tmpl @@ -42,7 +42,7 @@ <input type="submit" id="create" value="Add"> <input type="hidden" name="action" value="new"> <input type="hidden" name='field' value="[% field FILTER html %]"> - + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p> 
diff --git a/template/en/default/admin/fieldvalues/edit.html.tmpl b/template/en/default/admin/fieldvalues/edit.html.tmpl index 362ed4753..7ff3c0e33 100644 --- a/template/en/default/admin/fieldvalues/edit.html.tmpl +++ b/template/en/default/admin/fieldvalues/edit.html.tmpl @@ -55,8 +55,8 @@ <input type="hidden" name="sortkeyold" value="[% sortkey FILTER html %]"> <input type="hidden" name="action" value="update"> <input type="hidden" name="field" value="[% field FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" id="update" value="Update"> - </form> <p> diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl index fda34e3b1..0af9fb5a2 100644 --- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl +++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl @@ -21,18 +21,16 @@ [% PROCESS global/variables.none.tmpl %] -[%# Filter off the name here to be used multiple times below %] -[% name = BLOCK %][% flag_type.name FILTER html %][% END %] +[% title = BLOCK %]Confirm Deletion of Flag Type '[% flag_type.name FILTER html %]'[% END %] -[% PROCESS global/header.html.tmpl - title = "Confirm Deletion of Flag Type '$name'" -%] +[% PROCESS global/header.html.tmpl title = title %] <p> - There are [% flag_type.flag_count %] flags of type [% name FILTER html %]. + There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %]. If you delete this type, those flags will also be deleted. Note that instead of deleting the type you can - <a href="editflagtypes.cgi?action=deactivate&id=[% flag_type.id %]">deactivate it</a>, + <a href="editflagtypes.cgi?action=deactivate&id=[% flag_type.id %]&token= + [%- token FILTER html %]">deactivate it</a>, in which case the type and its flags will remain in the database but will not appear in the [% terms.Bugzilla %] UI. </p> 
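Review bot: In admin/flag-type/confirm-delete.html.tmpl the token is appended to the query string of the `deactivate` link here (and of the `delete` link in the next hunk, `@@ -45,8 +43,8 @@`), so the value ends up in browser history, server access logs and any Referer header sent from the page that follows, and the destructive action is still triggered by a plain GET. The other templates in this commit carry the token in a hidden form field; turning these two links into small `method="post"` forms with `<input type="hidden" name="token" value="[% token FILTER html %]">` would match them. If the links stay, the value sits in a URL context and should use the filter that admin/components/edit.html.tmpl applies to query parameters: `[%- token FILTER url_quote %]`.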
@@ -45,8 +43,8 @@ </tr> <tr> <td> - <a href="editflagtypes.cgi?action=delete&id=[% flag_type.id %]"> - Yes, delete + <a href="editflagtypes.cgi?action=delete&id=[% flag_type.id %]&token= + [%- token FILTER html %]">Yes, delete </a> </td> <td align="right"> diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl index 942fb3b09..e78c83643 100644 --- a/template/en/default/admin/flag-type/edit.html.tmpl +++ b/template/en/default/admin/flag-type/edit.html.tmpl @@ -53,6 +53,7 @@ <form method="post" action="editflagtypes.cgi"> <input type="hidden" name="action" value="[% action %]"> <input type="hidden" name="id" value="[% type.id %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="target_type" value="[% type.target_type %]"> [% FOREACH category = type.inclusions %] <input type="hidden" name="inclusions" value="[% category.value FILTER html %]"> diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl index 94fe3da0c..3346f9570 100644 --- a/template/en/default/admin/flag-type/list.html.tmpl +++ b/template/en/default/admin/flag-type/list.html.tmpl 
@@ -101,25 +101,6 @@ <a href="editflagtypes.cgi?action=enter&target_type=attachment">Create Flag Type For Attachments</a> </p> -<script type="text/javascript"> - <!-- - function confirmDelete(id, name, count) - { - if (count > 0) { - var msg = 'There are ' + count + ' flags of type ' + name + '. ' + - 'If you delete this type, those flags will also be ' + - 'deleted.\n\nNote: to deactivate the type instead ' + - 'of deleting it, edit it and uncheck its "is active" ' + - 'flag.\n\nDo you really want to delete this flag type?'; - if (!confirm(msg)) return false; - } - location.href = "editflagtypes.cgi?action=delete&id=" + id; - return false; // prevent strict JavaScript warning that this function - // does not always return a value - } - //--> -</script> - [% PROCESS global/footer.html.tmpl %] @@ -157,9 +138,7 @@ <td>[% IF type.request_group %][% type.request_group.name FILTER html %][% END %]</td> <td> <a href="editflagtypes.cgi?action=copy&id=[% type.id %]">Copy</a> - | <a href="editflagtypes.cgi?action=confirmdelete&id=[% type.id %]" - onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]', - [% type.flag_count %]);">Delete</a> + | <a href="editflagtypes.cgi?action=confirmdelete&id=[% type.id %]">Delete</a> </td> </tr> diff --git a/template/en/default/admin/groups/create.html.tmpl b/template/en/default/admin/groups/create.html.tmpl index 2b50d73a2..d6422f769 100644 --- a/template/en/default/admin/groups/create.html.tmpl +++ b/template/en/default/admin/groups/create.html.tmpl @@ -49,6 +49,7 @@ Insert new group into all existing products.<p> <input type="submit" id="create" value="Add"> <input type="hidden" name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p><b>Name</b> is what is used with the B<!-- blah -->ugzilla->user->in_group() diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl index f5aa7a9b4..22701407a 100644 
--- a/template/en/default/admin/groups/delete.html.tmpl +++ b/template/en/default/admin/groups/delete.html.tmpl @@ -123,6 +123,7 @@ <p><input type="submit" id="delete" value="Yes, delete"> <input type="hidden" name="action" value="delete"> <input type="hidden" name="group" value="[% gid FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> Go back to the <a href="editgroups.cgi">group list</a>. diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl index c1d032e1a..6c5771661 100644 --- a/template/en/default/admin/groups/edit.html.tmpl +++ b/template/en/default/admin/groups/edit.html.tmpl @@ -214,6 +214,7 @@ <input type="hidden" name="action" value="postchanges"> <input type="hidden" name="group" value="[% group_id FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> Back to the <a href="editgroups.cgi">group list</a>. diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl index 89123e2bf..0d68524d7 100755 --- a/template/en/default/admin/keywords/confirm-delete.html.tmpl +++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl @@ -45,6 +45,7 @@ <input type="hidden" name="id" value="[% keyword.id FILTER html %]"> <input type="hidden" name="action" value="delete"> <input type="hidden" name="reallydelete" value="1"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" id="delete" value="Yes, really delete the keyword"> </form> diff --git a/template/en/default/admin/keywords/create.html.tmpl b/template/en/default/admin/keywords/create.html.tmpl index 103aa03b2..45d97819e 100755 --- a/template/en/default/admin/keywords/create.html.tmpl +++ b/template/en/default/admin/keywords/create.html.tmpl 
@@ -51,6 +51,7 @@ <input type="hidden" name="id" value="-1"> <input type="submit" id="create" value="Add"> <input type="hidden" name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p><a href="editkeywords.cgi">Edit other keywords</a>.</p> diff --git a/template/en/default/admin/keywords/edit.html.tmpl b/template/en/default/admin/keywords/edit.html.tmpl index 0d3beaf33..81f072b8b 100755 --- a/template/en/default/admin/keywords/edit.html.tmpl +++ b/template/en/default/admin/keywords/edit.html.tmpl @@ -66,6 +66,7 @@ <input type="submit" id="update" value="Update"> <input type="hidden" name="action" value="update"> <input type="hidden" name="id" value="[% keyword.id FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p><a href="editkeywords.cgi">Edit other keywords</a>.</p> diff --git a/template/en/default/admin/milestones/confirm-delete.html.tmpl b/template/en/default/admin/milestones/confirm-delete.html.tmpl index 1667af3b7..b1f893ffd 100644 --- a/template/en/default/admin/milestones/confirm-delete.html.tmpl +++ b/template/en/default/admin/milestones/confirm-delete.html.tmpl @@ -90,6 +90,7 @@ <input type="hidden" name="action" value="delete"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> <input type="hidden" name="milestone" value="[% milestone.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> [% PROCESS admin/milestones/footer.html.tmpl %] diff --git a/template/en/default/admin/milestones/create.html.tmpl b/template/en/default/admin/milestones/create.html.tmpl index 8dd23e3de..edace52bf 100644 --- a/template/en/default/admin/milestones/create.html.tmpl +++ b/template/en/default/admin/milestones/create.html.tmpl 
@@ -49,7 +49,7 @@ <input type="submit" id="create" value="Add"> <input type="hidden" name="action" value="new"> <input type="hidden" name='product' value="[% product.name FILTER html %]"> - + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p> diff --git a/template/en/default/admin/milestones/edit.html.tmpl b/template/en/default/admin/milestones/edit.html.tmpl index f216166b1..c7aeb031a 100644 --- a/template/en/default/admin/milestones/edit.html.tmpl +++ b/template/en/default/admin/milestones/edit.html.tmpl @@ -55,7 +55,7 @@ <input type="hidden" name="action" value="update"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> <input type="submit" id="update" value="Update"> - + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p> diff --git a/template/en/default/admin/params/editparams.html.tmpl b/template/en/default/admin/params/editparams.html.tmpl index ef379e75c..ce5442b3a 100644 --- a/template/en/default/admin/params/editparams.html.tmpl +++ b/template/en/default/admin/params/editparams.html.tmpl @@ -99,6 +99,7 @@ [% PROCESS admin/params/common.html.tmpl panel = current_panel %] <input type="hidden" name="section" value="[% current_panel.name FILTER html %]"> <input type="hidden" name="action" value="save"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="reset" value="Reset form"> <input type="submit" name="action" value="Save Changes"> </form> diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl index 75aeb623a..84f8da569 100644 --- a/template/en/default/admin/products/confirm-delete.html.tmpl +++ b/template/en/default/admin/products/confirm-delete.html.tmpl 
@@ -263,6 +263,7 @@ <input type="submit" id="delete" value="Yes, delete"> <input type="hidden" name="action" value="delete"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> </form> diff --git a/template/en/default/admin/products/create.html.tmpl b/template/en/default/admin/products/create.html.tmpl index fd1ed34cc..5fb7d8bd1 100644 --- a/template/en/default/admin/products/create.html.tmpl +++ b/template/en/default/admin/products/create.html.tmpl @@ -57,6 +57,7 @@ <input type="hidden" name="subcategory" value="-All-"> <input type="hidden" name="open_name" value="All Open"> <input type="hidden" name="action" value="new"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> </form> diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl index 105ec6e74..0371e3343 100644 --- a/template/en/default/admin/products/edit.html.tmpl +++ b/template/en/default/admin/products/edit.html.tmpl @@ -132,6 +132,7 @@ versions:</a> <input type="hidden" name="product_old_name" value="[% product.name FILTER html %]"> <input type="hidden" name="action" value="update"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> <input type="submit" name="submit" value="Update"> diff --git a/template/en/default/admin/products/groupcontrol/edit.html.tmpl b/template/en/default/admin/products/groupcontrol/edit.html.tmpl index 174d15869..32b5e9d8c 100644 --- a/template/en/default/admin/products/groupcontrol/edit.html.tmpl +++ b/template/en/default/admin/products/groupcontrol/edit.html.tmpl 
@@ -31,6 +31,7 @@ <form method="post" action="editproducts.cgi"> <input type="hidden" name="action" value="updategroupcontrols"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="hidden" name="classification" value="[% classification.name FILTER html %]"> diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl index 9ca9226e7..8881fc3dc 100644 --- a/template/en/default/admin/settings/edit.html.tmpl +++ b/template/en/default/admin/settings/edit.html.tmpl @@ -85,6 +85,7 @@ page, and the Default Value will automatically apply to everyone. </table> <input type="hidden" name="action" value="update"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <table> <tr> <td width="150"></td> diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl index 6f0a565ca..4c348fa10 100644 --- a/template/en/default/admin/users/confirm-delete.html.tmpl +++ b/template/en/default/admin/users/confirm-delete.html.tmpl @@ -448,6 +448,7 @@ <input type="submit" id="delete" value="Yes, delete"/> <input type="hidden" name="action" value="delete" /> <input type="hidden" name="userid" value="[% otheruser.id %]" /> + <input type="hidden" name="token" value="[% token FILTER html %]"> [% INCLUDE listselectionhiddenfields %] </p> </form> diff --git a/template/en/default/admin/users/create.html.tmpl b/template/en/default/admin/users/create.html.tmpl index 4cef3884a..66cdd91e0 100644 --- a/template/en/default/admin/users/create.html.tmpl +++ b/template/en/default/admin/users/create.html.tmpl @@ -41,6 +41,7 @@ <p> <input type="submit" id="add" value="Add"/> <input type="hidden" name="action" value="new" /> + <input type="hidden" name="token" value="[% token FILTER html %]"> [% INCLUDE listselectionhiddenfields %] </p> </form> 
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl index b0cc21082..61778ad93 100644 --- a/template/en/default/admin/users/edit.html.tmpl +++ b/template/en/default/admin/users/edit.html.tmpl @@ -106,6 +106,7 @@ <input type="submit" id="update" value="Update" /> <input type="hidden" name="userid" value="[% otheruser.id %]" /> <input type="hidden" name="action" value="update" /> + <input type="hidden" name="token" value="[% token FILTER html %]"> [% INCLUDE listselectionhiddenfields %] or <a href="editusers.cgi?action=activity&userid=[% otheruser.id %]" diff --git a/template/en/default/admin/versions/confirm-delete.html.tmpl b/template/en/default/admin/versions/confirm-delete.html.tmpl index feef86035..5d5fb8193 100644 --- a/template/en/default/admin/versions/confirm-delete.html.tmpl +++ b/template/en/default/admin/versions/confirm-delete.html.tmpl @@ -92,6 +92,7 @@ <input type="hidden" name="action" value="delete"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> <input type="hidden" name="version" value="[% version.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> [% END %] diff --git a/template/en/default/admin/versions/create.html.tmpl b/template/en/default/admin/versions/create.html.tmpl index 44d43cab4..c421ab12b 100644 --- a/template/en/default/admin/versions/create.html.tmpl +++ b/template/en/default/admin/versions/create.html.tmpl @@ -43,7 +43,7 @@ <input type="submit" id="create" value="Add"> <input type="hidden" name="action" value="new"> <input type="hidden" name='product' value="[% product.name FILTER html %]"> - + <input type="hidden" name="token" value="[% token FILTER html %]"> </form> <p> diff --git a/template/en/default/admin/versions/edit.html.tmpl b/template/en/default/admin/versions/edit.html.tmpl index 7f0de2677..cfdfd4981 100644 --- a/template/en/default/admin/versions/edit.html.tmpl 
+++ b/template/en/default/admin/versions/edit.html.tmpl @@ -48,8 +48,8 @@ <input type="hidden" name="versionold" value="[% version.name FILTER html %]"> <input type="hidden" name="action" value="update"> <input type="hidden" name="product" value="[% product.name FILTER html %]"> + <input type="hidden" name="token" value="[% token FILTER html %]"> <input type="submit" id="update" value="Update"> - </form> <p> diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl index d9a3e1913..0c37234ff 100644 --- a/template/en/default/filterexceptions.pl +++ b/template/en/default/filterexceptions.pl @@ -512,7 +512,6 @@ 'admin/flag-type/list.html.tmpl' => [ 'type.id', - 'type.flag_count', ], diff --git a/template/en/default/whine/schedule.html.tmpl b/template/en/default/whine/schedule.html.tmpl index c7370a3e1..28fceabab 100644 --- a/template/en/default/whine/schedule.html.tmpl +++ b/template/en/default/whine/schedule.html.tmpl @@ -82,6 +82,7 @@ <input type="submit" value="Update / Commit" name="commit" style="display: none;" id="commit"> <input type="hidden" name="update" value="1"> +<input type="hidden" name="token" value="[% token FILTER html %]"> [% FOREACH event = events %] |