summaryrefslogtreecommitdiffstats
path: root/template
diff options
context:
space:
mode:
authorReed Loden <reed@reedloden.com>2011-12-13 23:30:07 +0100
committerReed Loden <reed@reedloden.com>2011-12-13 23:30:07 +0100
commita6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1 (patch)
tree4fd1b57b81d9467912099f4ac3b71fd9af0abd3a /template
parent0133e0b65b1d73d87604b9f94b92c712206137e3 (diff)
downloadbugzilla-a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1.tar.gz
bugzilla-a6aa75fc6f96527f01e8b4f0da414d9fa8ad8ce1.tar.xz
Bug 705474 - CSRF vulnerability in createaccount.cgi allows possible unauthorized account creation e-mail request
[r=mkanat a=mkanat]
Diffstat (limited to 'template')
-rw-r--r--template/en/default/account/create.html.tmpl1
1 files changed, 1 insertions, 0 deletions
diff --git a/template/en/default/account/create.html.tmpl b/template/en/default/account/create.html.tmpl
index 5b8220193..5acd9f541 100644
--- a/template/en/default/account/create.html.tmpl
+++ b/template/en/default/account/create.html.tmpl
@@ -73,6 +73,7 @@
</tr>
</table>
<br>
+ <input type="hidden" id="token" name="token" value="[% issue_hash_token(['create_account']) FILTER html %]">
<input type="submit" id="send" value="Send">
</form>