authorlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
committerlpsolit%gmail.com <>2006-10-15 07:02:09 +0200
commit93815fc7619567cc962e053280c5ed0b19492feb (patch)
treeffc99d8156c41fbd0d5ab8801324adead2ef4436 /template/en/default
parent6fcfcb93eda16108f71b4c96010bae95cde622cd (diff)
Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
Diffstat (limited to 'template/en/default')
-rw-r--r--template/en/default/admin/classifications/add.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/del.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/edit.html.tmpl1
-rw-r--r--template/en/default/admin/classifications/reclassify.html.tmpl1
-rw-r--r--template/en/default/admin/components/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/components/create.html.tmpl2
-rw-r--r--template/en/default/admin/components/edit.html.tmpl1
-rw-r--r--template/en/default/admin/confirm-action.html.tmpl97
-rw-r--r--template/en/default/admin/custom_fields/create.html.tmpl1
-rw-r--r--template/en/default/admin/custom_fields/edit.html.tmpl1
-rw-r--r--template/en/default/admin/fieldvalues/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/fieldvalues/create.html.tmpl2
-rw-r--r--template/en/default/admin/fieldvalues/edit.html.tmpl2
-rw-r--r--template/en/default/admin/flag-type/confirm-delete.html.tmpl16
-rw-r--r--template/en/default/admin/flag-type/edit.html.tmpl1
-rw-r--r--template/en/default/admin/flag-type/list.html.tmpl23
-rw-r--r--template/en/default/admin/groups/create.html.tmpl1
-rw-r--r--template/en/default/admin/groups/delete.html.tmpl1
-rw-r--r--template/en/default/admin/groups/edit.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/confirm-delete.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/create.html.tmpl1
-rwxr-xr-xtemplate/en/default/admin/keywords/edit.html.tmpl1
-rw-r--r--template/en/default/admin/milestones/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/milestones/create.html.tmpl2
-rw-r--r--template/en/default/admin/milestones/edit.html.tmpl2
-rw-r--r--template/en/default/admin/params/editparams.html.tmpl1
-rw-r--r--template/en/default/admin/products/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/products/create.html.tmpl1
-rw-r--r--template/en/default/admin/products/edit.html.tmpl1
-rw-r--r--template/en/default/admin/products/groupcontrol/edit.html.tmpl1
-rw-r--r--template/en/default/admin/settings/edit.html.tmpl1
-rw-r--r--template/en/default/admin/users/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/users/create.html.tmpl1
-rw-r--r--template/en/default/admin/users/edit.html.tmpl1
-rw-r--r--template/en/default/admin/versions/confirm-delete.html.tmpl1
-rw-r--r--template/en/default/admin/versions/create.html.tmpl2
-rw-r--r--template/en/default/admin/versions/edit.html.tmpl2
-rw-r--r--template/en/default/filterexceptions.pl1
-rw-r--r--template/en/default/whine/schedule.html.tmpl1
39 files changed, 140 insertions, 39 deletions
diff --git a/template/en/default/admin/classifications/add.html.tmpl b/template/en/default/admin/classifications/add.html.tmpl
index 15b8fc3a2..d549bbc79 100644
--- a/template/en/default/admin/classifications/add.html.tmpl
+++ b/template/en/default/admin/classifications/add.html.tmpl
@@ -49,6 +49,7 @@
<hr>
<input type=submit value="Add">
<input type=hidden name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</FORM>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>
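Review bot: The added hidden field makes `token` a required template variable, but the one-line hunk leaves the template's header comment untouched, so nothing tells a maintainer that the calling script must supply it. If this template carries an `INTERFACE:` block like the new admin/confirm-action.html.tmpl does (the header is outside the hunk), add a line such as `# token: the randomly generated token stored in the database for this action; checked by the script on submit.` The same applies to the other one-line token additions in this patch (classifications, components, custom_fields, fieldvalues, groups, keywords, milestones, params, products, settings, users, versions, whine). It is also worth stating there what happens when a script forgets to pass `token` and the field renders empty; presumably the admin lands on the confirmation page, but that is not visible from the templates.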
diff --git a/template/en/default/admin/classifications/del.html.tmpl b/template/en/default/admin/classifications/del.html.tmpl
index 84c3cb197..ffb8fe065 100644
--- a/template/en/default/admin/classifications/del.html.tmpl
+++ b/template/en/default/admin/classifications/del.html.tmpl
@@ -56,6 +56,7 @@
<input type=submit value="Yes, delete">
<input type=hidden name="action" value="delete">
<input type=hidden name="classification" value="[% classification.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>
diff --git a/template/en/default/admin/classifications/edit.html.tmpl b/template/en/default/admin/classifications/edit.html.tmpl
index b56a401f4..923a79f5e 100644
--- a/template/en/default/admin/classifications/edit.html.tmpl
+++ b/template/en/default/admin/classifications/edit.html.tmpl
@@ -77,6 +77,7 @@
<input type=hidden name="classificationold"
value="[% classification.name FILTER html %]">
<input type=hidden name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type=submit value="Update">
</form>
diff --git a/template/en/default/admin/classifications/reclassify.html.tmpl b/template/en/default/admin/classifications/reclassify.html.tmpl
index 0db2fc265..113c6f630 100644
--- a/template/en/default/admin/classifications/reclassify.html.tmpl
+++ b/template/en/default/admin/classifications/reclassify.html.tmpl
@@ -82,6 +82,7 @@
<input type=hidden name="action" value="reclassify">
<input type=hidden name="classification" value="[% classification.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>Back to the <a href="./">main [% terms.bugs %] page</a>,
diff --git a/template/en/default/admin/components/confirm-delete.html.tmpl b/template/en/default/admin/components/confirm-delete.html.tmpl
index e7e00636e..1d7553f83 100644
--- a/template/en/default/admin/components/confirm-delete.html.tmpl
+++ b/template/en/default/admin/components/confirm-delete.html.tmpl
@@ -150,6 +150,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="component" value="[% comp.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/components/create.html.tmpl b/template/en/default/admin/components/create.html.tmpl
index 013ee861e..9b4a19bf0 100644
--- a/template/en/default/admin/components/create.html.tmpl
+++ b/template/en/default/admin/components/create.html.tmpl
@@ -102,7 +102,7 @@
<input type="hidden" name='open_name' value='All Open'>
<input type="hidden" name='nonopen_name' value='All Closed'>
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% PROCESS admin/components/footer.html.tmpl %]
diff --git a/template/en/default/admin/components/edit.html.tmpl b/template/en/default/admin/components/edit.html.tmpl
index 6ee3a69fe..81a6e9fc2 100644
--- a/template/en/default/admin/components/edit.html.tmpl
+++ b/template/en/default/admin/components/edit.html.tmpl
@@ -119,6 +119,7 @@
<input type="hidden" name="action" value="update">
<input type="hidden" name="componentold" value="[% comp.name FILTER html %]">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" value="Update" id="update"> or <a
href="editcomponents.cgi?action=del&amp;product=
[%- product.name FILTER url_quote %]&amp;component=
diff --git a/template/en/default/admin/confirm-action.html.tmpl b/template/en/default/admin/confirm-action.html.tmpl
new file mode 100644
index 000000000..6e8caa6ac
--- /dev/null
+++ b/template/en/default/admin/confirm-action.html.tmpl
@@ -0,0 +1,97 @@
+[%# 1.0@bugzilla.org %]
+[%# The contents of this file are subject to the Mozilla Public
+ # License Version 1.1 (the "License"); you may not use this file
+ # except in compliance with the License. You may obtain a copy of
+ # the License at http://www.mozilla.org/MPL/
+ #
+ # Software distributed under the License is distributed on an "AS
+ # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ # implied. See the License for the specific language governing
+ # rights and limitations under the License.
+ #
+ # The Original Code is the Bugzilla Bug Tracking System.
+ #
+ # The Initial Developer of the Original Code is Frédéric Buclin.
+ #
+ # Contributor(s): Frédéric Buclin <LpSolit@gmail.com>
+ #%]
+
+[%# INTERFACE:
+ # abuser: identity of the user who created the (invalid?) token.
+ # token_action: the action the token was supposed to serve.
+ # expected_action: the action the user was going to do.
+ # script_name: the script generating this warning.
+ #%]
+
+[% PROCESS "global/field-descs.none.tmpl" %]
+
+[% PROCESS global/header.html.tmpl title = "Suspicious Action"
+ style_urls = ['skins/standard/global.css'] %]
+
+[% IF abuser %]
+ <div class="throw_error">
+ <p>When you view an administrative form in [% terms.Bugzilla %], a token string
+ is randomly generated and stored both in the database and in the form you loaded,
+ to make sure that the requested changes are being made as a result of submitting
+ a form generated by [% terms.Bugzilla %]. Unfortunately, the token used right now
+ is incorrect, meaning that it looks like you didn't come from the right page.
+ The following token has been used :</p>
+
+ <table border="0" cellpadding="5" cellspacing="0">
+ [% IF token_action != expected_action %]
+ <tr>
+ <th>Action&nbsp;stored:</th>
+ <td>[% token_action FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This action doesn't match the one expected ([% expected_action FILTER html %]).
+ </td>
+ </tr>
+ [% END %]
+
+ [% IF abuser != user.identity %]
+ <tr>
+ <th>Generated&nbsp;by:</th>
+ <td>[% abuser FILTER html %]</td>
+ </tr>
+ <tr>
+ <th>&nbsp;</th>
+ <td>
+ This token has not been generated by you. It is possible that someone
+ tried to trick you!
+ </td>
+ </tr>
+ [% END %]
+ </table>
+
+ <p>Please report this problem to [%+ Param("maintainer") FILTER html %].</p>
+ </div>
+[% ELSE %]
+ <div class="throw_error">
+ It looks like you didn't come from the right page (you have no valid token for
+ the <em>[% expected_action FILTER html %]</em> action while processing the
+ '[% script_name FILTER html%]' script). The reason could be one of:<br>
+ <ul>
+ <li>You clicked the "Back" button of your web browser after having successfully
+ submitted changes, which is generally not a good idea (but harmless).</li>
+ <li>You entered the URL in the address bar of your web browser directly,
+ which should be safe.</li>
+ <li>You clicked on a URL which redirected you here <b>without your consent</b>,
+ in which case this action is much more critical.</li>
+ </ul>
+ Are you sure you want to commit these changes anyway? This may result in
+ unexpected and undesired results.
+ </div>
+
+ <form name="check" id="check" method="post" action="[% script_name FILTER html %]">
+ [% PROCESS "global/hidden-fields.html.tmpl"
+ exclude="^(Bugzilla_login|Bugzilla_password)$" %]
+ <input type="submit" id="confirm" value="Confirm Changes">
+ </form>
+ <p>Or throw away these changes and go back to <a href="[% script_name FILTER html %]">
+ [%- script_name FILTER html %]</a>.</p>
+[% END %]
+
+[% PROCESS global/footer.html.tmpl %]
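Review bot: The confirmation form in the ELSE branch has no explicit `token` input, so whether the re-submitted request carries a valid token depends entirely on what `global/hidden-fields.html.tmpl` re-emits from the current request parameters. That dependency is not visible from this template and should be written into the INTERFACE comment, for example `# NOTE: the caller must put a freshly issued token into the request's 'token' parameter before processing this template; hidden-fields re-emits it` (assuming that is how the handler works). Without it, a later edit to the `exclude` pattern or to the handler could leave "Confirm Changes" either looping back to this page or submitting with the original absent token. Separately, in the `abuser` branch the table renders empty if both `token_action` equals `expected_action` and `abuser` equals `user.identity`, leaving "The following token has been used :" with nothing after it; if the caller can reach that state, a fallback row would help.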
diff --git a/template/en/default/admin/custom_fields/create.html.tmpl b/template/en/default/admin/custom_fields/create.html.tmpl
index e8b66deca..995c4d0a9 100644
--- a/template/en/default/admin/custom_fields/create.html.tmpl
+++ b/template/en/default/admin/custom_fields/create.html.tmpl
@@ -102,6 +102,7 @@
</table>
<br>
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="create" value="Create">
</form>
diff --git a/template/en/default/admin/custom_fields/edit.html.tmpl b/template/en/default/admin/custom_fields/edit.html.tmpl
index 6ffa3d89d..2165ac323 100644
--- a/template/en/default/admin/custom_fields/edit.html.tmpl
+++ b/template/en/default/admin/custom_fields/edit.html.tmpl
@@ -98,6 +98,7 @@
<br>
<input type="hidden" name="action" value="update">
<input type="hidden" name="name" value="[% field.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="edit" value="Submit">
</form>
diff --git a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
index d29c124d6..4cd001476 100644
--- a/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
+++ b/template/en/default/admin/fieldvalues/confirm-delete.html.tmpl
@@ -111,6 +111,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="field" value="[% field FILTER html %]">
<input type="hidden" name="value" value="[% value FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/fieldvalues/create.html.tmpl b/template/en/default/admin/fieldvalues/create.html.tmpl
index c0d364416..2e87af053 100644
--- a/template/en/default/admin/fieldvalues/create.html.tmpl
+++ b/template/en/default/admin/fieldvalues/create.html.tmpl
@@ -42,7 +42,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='field' value="[% field FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/fieldvalues/edit.html.tmpl b/template/en/default/admin/fieldvalues/edit.html.tmpl
index 362ed4753..7ff3c0e33 100644
--- a/template/en/default/admin/fieldvalues/edit.html.tmpl
+++ b/template/en/default/admin/fieldvalues/edit.html.tmpl
@@ -55,8 +55,8 @@
<input type="hidden" name="sortkeyold" value="[% sortkey FILTER html %]">
<input type="hidden" name="action" value="update">
<input type="hidden" name="field" value="[% field FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="update" value="Update">
-
</form>
<p>
diff --git a/template/en/default/admin/flag-type/confirm-delete.html.tmpl b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
index fda34e3b1..0af9fb5a2 100644
--- a/template/en/default/admin/flag-type/confirm-delete.html.tmpl
+++ b/template/en/default/admin/flag-type/confirm-delete.html.tmpl
@@ -21,18 +21,16 @@
[% PROCESS global/variables.none.tmpl %]
-[%# Filter off the name here to be used multiple times below %]
-[% name = BLOCK %][% flag_type.name FILTER html %][% END %]
+[% title = BLOCK %]Confirm Deletion of Flag Type '[% flag_type.name FILTER html %]'[% END %]
-[% PROCESS global/header.html.tmpl
- title = "Confirm Deletion of Flag Type '$name'"
-%]
+[% PROCESS global/header.html.tmpl title = title %]
<p>
- There are [% flag_type.flag_count %] flags of type [% name FILTER html %].
+ There are [% flag_type.flag_count %] flags of type [% flag_type.name FILTER html %].
If you delete this type, those flags will also be deleted. Note that
instead of deleting the type you can
- <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]">deactivate it</a>,
+ <a href="editflagtypes.cgi?action=deactivate&amp;id=[% flag_type.id %]&amp;token=
+ [%- token FILTER html %]">deactivate it</a>,
in which case the type and its flags will remain in the database
but will not appear in the [% terms.Bugzilla %] UI.
</p>
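Review bot: The token is appended to the query string of the `action=deactivate` link here and of the `action=delete` link in the next hunk, so both state-changing requests stay GET and the token ends up in browser history, server access logs and any Referer header sent from the resulting page. The other templates in this patch carry it as a hidden form field; a small form with hidden `action`, `id` and `token` inputs and a submit button would keep it out of URLs here too. If the links stay, the value sits in URL context and should use `FILTER url_quote`, as admin/components/edit.html.tmpl does for its query parameters: `&amp;token=[%- token FILTER url_quote %]`. Both links also share one `token` value, so confirm that the script issues it for an action covering deactivate as well as delete; otherwise one of the two links would always hit the confirmation page.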
@@ -45,8 +43,8 @@
</tr>
<tr>
<td>
- <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]">
- Yes, delete
+ <a href="editflagtypes.cgi?action=delete&amp;id=[% flag_type.id %]&amp;token=
+ [%- token FILTER html %]">Yes, delete
</a>
</td>
<td align="right">
diff --git a/template/en/default/admin/flag-type/edit.html.tmpl b/template/en/default/admin/flag-type/edit.html.tmpl
index 942fb3b09..e78c83643 100644
--- a/template/en/default/admin/flag-type/edit.html.tmpl
+++ b/template/en/default/admin/flag-type/edit.html.tmpl
@@ -53,6 +53,7 @@
<form method="post" action="editflagtypes.cgi">
<input type="hidden" name="action" value="[% action %]">
<input type="hidden" name="id" value="[% type.id %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="target_type" value="[% type.target_type %]">
[% FOREACH category = type.inclusions %]
<input type="hidden" name="inclusions" value="[% category.value FILTER html %]">
diff --git a/template/en/default/admin/flag-type/list.html.tmpl b/template/en/default/admin/flag-type/list.html.tmpl
index 94fe3da0c..3346f9570 100644
--- a/template/en/default/admin/flag-type/list.html.tmpl
+++ b/template/en/default/admin/flag-type/list.html.tmpl
@@ -101,25 +101,6 @@
<a href="editflagtypes.cgi?action=enter&amp;target_type=attachment">Create Flag Type For Attachments</a>
</p>
-<script type="text/javascript">
- <!--
- function confirmDelete(id, name, count)
- {
- if (count > 0) {
- var msg = 'There are ' + count + ' flags of type ' + name + '. ' +
- 'If you delete this type, those flags will also be ' +
- 'deleted.\n\nNote: to deactivate the type instead ' +
- 'of deleting it, edit it and uncheck its "is active" ' +
- 'flag.\n\nDo you really want to delete this flag type?';
- if (!confirm(msg)) return false;
- }
- location.href = "editflagtypes.cgi?action=delete&id=" + id;
- return false; // prevent strict JavaScript warning that this function
- // does not always return a value
- }
- //-->
-</script>
-
[% PROCESS global/footer.html.tmpl %]
@@ -157,9 +138,7 @@
<td>[% IF type.request_group %][% type.request_group.name FILTER html %][% END %]</td>
<td>
<a href="editflagtypes.cgi?action=copy&amp;id=[% type.id %]">Copy</a>
- | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]"
- onclick="return confirmDelete([% type.id %], '[% type.name FILTER js FILTER html %]',
- [% type.flag_count %]);">Delete</a>
+ | <a href="editflagtypes.cgi?action=confirmdelete&amp;id=[% type.id %]">Delete</a>
</td>
</tr>
diff --git a/template/en/default/admin/groups/create.html.tmpl b/template/en/default/admin/groups/create.html.tmpl
index 2b50d73a2..d6422f769 100644
--- a/template/en/default/admin/groups/create.html.tmpl
+++ b/template/en/default/admin/groups/create.html.tmpl
@@ -49,6 +49,7 @@
Insert new group into all existing products.<p>
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><b>Name</b> is what is used with the B<!-- blah -->ugzilla->user->in_group()
diff --git a/template/en/default/admin/groups/delete.html.tmpl b/template/en/default/admin/groups/delete.html.tmpl
index f5aa7a9b4..22701407a 100644
--- a/template/en/default/admin/groups/delete.html.tmpl
+++ b/template/en/default/admin/groups/delete.html.tmpl
@@ -123,6 +123,7 @@
<p><input type="submit" id="delete" value="Yes, delete">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="group" value="[% gid FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
Go back to the <a href="editgroups.cgi">group list</a>.
diff --git a/template/en/default/admin/groups/edit.html.tmpl b/template/en/default/admin/groups/edit.html.tmpl
index c1d032e1a..6c5771661 100644
--- a/template/en/default/admin/groups/edit.html.tmpl
+++ b/template/en/default/admin/groups/edit.html.tmpl
@@ -214,6 +214,7 @@
<input type="hidden" name="action" value="postchanges">
<input type="hidden" name="group" value="[% group_id FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
Back to the <a href="editgroups.cgi">group list</a>.
diff --git a/template/en/default/admin/keywords/confirm-delete.html.tmpl b/template/en/default/admin/keywords/confirm-delete.html.tmpl
index 89123e2bf..0d68524d7 100755
--- a/template/en/default/admin/keywords/confirm-delete.html.tmpl
+++ b/template/en/default/admin/keywords/confirm-delete.html.tmpl
@@ -45,6 +45,7 @@
<input type="hidden" name="id" value="[% keyword.id FILTER html %]">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="reallydelete" value="1">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="delete"
value="Yes, really delete the keyword">
</form>
diff --git a/template/en/default/admin/keywords/create.html.tmpl b/template/en/default/admin/keywords/create.html.tmpl
index 103aa03b2..45d97819e 100755
--- a/template/en/default/admin/keywords/create.html.tmpl
+++ b/template/en/default/admin/keywords/create.html.tmpl
@@ -51,6 +51,7 @@
<input type="hidden" name="id" value="-1">
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><a href="editkeywords.cgi">Edit other keywords</a>.</p>
diff --git a/template/en/default/admin/keywords/edit.html.tmpl b/template/en/default/admin/keywords/edit.html.tmpl
index 0d3beaf33..81f072b8b 100755
--- a/template/en/default/admin/keywords/edit.html.tmpl
+++ b/template/en/default/admin/keywords/edit.html.tmpl
@@ -66,6 +66,7 @@
<input type="submit" id="update" value="Update">
<input type="hidden" name="action" value="update">
<input type="hidden" name="id" value="[% keyword.id FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p><a href="editkeywords.cgi">Edit other keywords</a>.</p>
diff --git a/template/en/default/admin/milestones/confirm-delete.html.tmpl b/template/en/default/admin/milestones/confirm-delete.html.tmpl
index 1667af3b7..b1f893ffd 100644
--- a/template/en/default/admin/milestones/confirm-delete.html.tmpl
+++ b/template/en/default/admin/milestones/confirm-delete.html.tmpl
@@ -90,6 +90,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="milestone" value="[% milestone.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% PROCESS admin/milestones/footer.html.tmpl %]
diff --git a/template/en/default/admin/milestones/create.html.tmpl b/template/en/default/admin/milestones/create.html.tmpl
index 8dd23e3de..edace52bf 100644
--- a/template/en/default/admin/milestones/create.html.tmpl
+++ b/template/en/default/admin/milestones/create.html.tmpl
@@ -49,7 +49,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/milestones/edit.html.tmpl b/template/en/default/admin/milestones/edit.html.tmpl
index f216166b1..c7aeb031a 100644
--- a/template/en/default/admin/milestones/edit.html.tmpl
+++ b/template/en/default/admin/milestones/edit.html.tmpl
@@ -55,7 +55,7 @@
<input type="hidden" name="action" value="update">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="submit" id="update" value="Update">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/params/editparams.html.tmpl b/template/en/default/admin/params/editparams.html.tmpl
index ef379e75c..ce5442b3a 100644
--- a/template/en/default/admin/params/editparams.html.tmpl
+++ b/template/en/default/admin/params/editparams.html.tmpl
@@ -99,6 +99,7 @@
[% PROCESS admin/params/common.html.tmpl panel = current_panel %]
<input type="hidden" name="section" value="[% current_panel.name FILTER html %]">
<input type="hidden" name="action" value="save">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="reset" value="Reset form">
<input type="submit" name="action" value="Save Changes">
</form>
diff --git a/template/en/default/admin/products/confirm-delete.html.tmpl b/template/en/default/admin/products/confirm-delete.html.tmpl
index 75aeb623a..84f8da569 100644
--- a/template/en/default/admin/products/confirm-delete.html.tmpl
+++ b/template/en/default/admin/products/confirm-delete.html.tmpl
@@ -263,6 +263,7 @@
<input type="submit" id="delete" value="Yes, delete">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
</form>
diff --git a/template/en/default/admin/products/create.html.tmpl b/template/en/default/admin/products/create.html.tmpl
index fd1ed34cc..5fb7d8bd1 100644
--- a/template/en/default/admin/products/create.html.tmpl
+++ b/template/en/default/admin/products/create.html.tmpl
@@ -57,6 +57,7 @@
<input type="hidden" name="subcategory" value="-All-">
<input type="hidden" name="open_name" value="All Open">
<input type="hidden" name="action" value="new">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
</form>
diff --git a/template/en/default/admin/products/edit.html.tmpl b/template/en/default/admin/products/edit.html.tmpl
index 105ec6e74..0371e3343 100644
--- a/template/en/default/admin/products/edit.html.tmpl
+++ b/template/en/default/admin/products/edit.html.tmpl
@@ -132,6 +132,7 @@ versions:</a>
<input type="hidden" name="product_old_name"
value="[% product.name FILTER html %]">
<input type="hidden" name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
<input type="submit" name="submit" value="Update">
diff --git a/template/en/default/admin/products/groupcontrol/edit.html.tmpl b/template/en/default/admin/products/groupcontrol/edit.html.tmpl
index 174d15869..32b5e9d8c 100644
--- a/template/en/default/admin/products/groupcontrol/edit.html.tmpl
+++ b/template/en/default/admin/products/groupcontrol/edit.html.tmpl
@@ -31,6 +31,7 @@
<form method="post" action="editproducts.cgi">
<input type="hidden" name="action" value="updategroupcontrols">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="hidden" name="classification"
value="[% classification.name FILTER html %]">
diff --git a/template/en/default/admin/settings/edit.html.tmpl b/template/en/default/admin/settings/edit.html.tmpl
index 9ca9226e7..8881fc3dc 100644
--- a/template/en/default/admin/settings/edit.html.tmpl
+++ b/template/en/default/admin/settings/edit.html.tmpl
@@ -85,6 +85,7 @@ page, and the Default Value will automatically apply to everyone.
</table>
<input type="hidden" name="action" value="update">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<table>
<tr>
<td width="150"></td>
diff --git a/template/en/default/admin/users/confirm-delete.html.tmpl b/template/en/default/admin/users/confirm-delete.html.tmpl
index 6f0a565ca..4c348fa10 100644
--- a/template/en/default/admin/users/confirm-delete.html.tmpl
+++ b/template/en/default/admin/users/confirm-delete.html.tmpl
@@ -448,6 +448,7 @@
<input type="submit" id="delete" value="Yes, delete"/>
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="userid" value="[% otheruser.id %]" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
</p>
</form>
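Review bot: The added `token` input is closed with a bare `>` while the neighbouring inputs in this form are written XHTML-style with ` />`, which leaves the form mixing two closing conventions. Keep the file consistent with `<input type="hidden" name="token" value="[% token FILTER html %]" />`. The same mismatch appears in the admin/users/create.html.tmpl and admin/users/edit.html.tmpl hunks.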
diff --git a/template/en/default/admin/users/create.html.tmpl b/template/en/default/admin/users/create.html.tmpl
index 4cef3884a..66cdd91e0 100644
--- a/template/en/default/admin/users/create.html.tmpl
+++ b/template/en/default/admin/users/create.html.tmpl
@@ -41,6 +41,7 @@
<p>
<input type="submit" id="add" value="Add"/>
<input type="hidden" name="action" value="new" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
</p>
</form>
diff --git a/template/en/default/admin/users/edit.html.tmpl b/template/en/default/admin/users/edit.html.tmpl
index b0cc21082..61778ad93 100644
--- a/template/en/default/admin/users/edit.html.tmpl
+++ b/template/en/default/admin/users/edit.html.tmpl
@@ -106,6 +106,7 @@
<input type="submit" id="update" value="Update" />
<input type="hidden" name="userid" value="[% otheruser.id %]" />
<input type="hidden" name="action" value="update" />
+ <input type="hidden" name="token" value="[% token FILTER html %]">
[% INCLUDE listselectionhiddenfields %]
or <a href="editusers.cgi?action=activity&amp;userid=[% otheruser.id %]"
diff --git a/template/en/default/admin/versions/confirm-delete.html.tmpl b/template/en/default/admin/versions/confirm-delete.html.tmpl
index feef86035..5d5fb8193 100644
--- a/template/en/default/admin/versions/confirm-delete.html.tmpl
+++ b/template/en/default/admin/versions/confirm-delete.html.tmpl
@@ -92,6 +92,7 @@
<input type="hidden" name="action" value="delete">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
<input type="hidden" name="version" value="[% version.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
[% END %]
diff --git a/template/en/default/admin/versions/create.html.tmpl b/template/en/default/admin/versions/create.html.tmpl
index 44d43cab4..c421ab12b 100644
--- a/template/en/default/admin/versions/create.html.tmpl
+++ b/template/en/default/admin/versions/create.html.tmpl
@@ -43,7 +43,7 @@
<input type="submit" id="create" value="Add">
<input type="hidden" name="action" value="new">
<input type="hidden" name='product' value="[% product.name FILTER html %]">
-
+ <input type="hidden" name="token" value="[% token FILTER html %]">
</form>
<p>
diff --git a/template/en/default/admin/versions/edit.html.tmpl b/template/en/default/admin/versions/edit.html.tmpl
index 7f0de2677..cfdfd4981 100644
--- a/template/en/default/admin/versions/edit.html.tmpl
+++ b/template/en/default/admin/versions/edit.html.tmpl
@@ -48,8 +48,8 @@
<input type="hidden" name="versionold" value="[% version.name FILTER html %]">
<input type="hidden" name="action" value="update">
<input type="hidden" name="product" value="[% product.name FILTER html %]">
+ <input type="hidden" name="token" value="[% token FILTER html %]">
<input type="submit" id="update" value="Update">
-
</form>
<p>
diff --git a/template/en/default/filterexceptions.pl b/template/en/default/filterexceptions.pl
index d9a3e1913..0c37234ff 100644
--- a/template/en/default/filterexceptions.pl
+++ b/template/en/default/filterexceptions.pl
@@ -512,7 +512,6 @@
'admin/flag-type/list.html.tmpl' => [
'type.id',
- 'type.flag_count',
],
diff --git a/template/en/default/whine/schedule.html.tmpl b/template/en/default/whine/schedule.html.tmpl
index c7370a3e1..28fceabab 100644
--- a/template/en/default/whine/schedule.html.tmpl
+++ b/template/en/default/whine/schedule.html.tmpl
@@ -82,6 +82,7 @@
<input type="submit" value="Update / Commit" name="commit"
style="display: none;" id="commit">
<input type="hidden" name="update" value="1">
+<input type="hidden" name="token" value="[% token FILTER html %]">
[% FOREACH event = events %]