author | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:12:29 +0100 |
---|---|---|
committer | Frédéric Buclin <LpSolit@gmail.com> | 2011-01-24 18:12:29 +0100 |
commit | 10b4a9266d92269fd48d12d1a6de983858ea9b74 (patch) | |
tree | ff5fa498403d5f40f6a68daa5752152ed6f137ea /template | |
parent | f6c4abda55c83a53d32d5958cc9c81a602423c89 (diff) | |
Bug 621108: [SECURITY] Creating/editing charts lacks CSRF protection
r=dkl a=LpSolit
Diffstat (limited to 'template')
-rw-r--r-- | template/en/default/reports/edit-series.html.tmpl | 2 | ||||
-rw-r--r-- | template/en/default/search/search-create-series.html.tmpl | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/template/en/default/reports/edit-series.html.tmpl b/template/en/default/reports/edit-series.html.tmpl
index 9afe7edcd..da7d15e0a 100644
--- a/template/en/default/reports/edit-series.html.tmpl
+++ b/template/en/default/reports/edit-series.html.tmpl
@@ -40,6 +40,8 @@
 [% PROCESS reports/series.html.tmpl button_name = "Change Data Set" %] <input type="hidden" name="action" value="alter">
+ <input type="hidden" name="token"
+ value="[% issue_hash_token([default.id, default.name]) FILTER html %]">
 [% IF default.series_id %] <input type="hidden" name="series_id" value="[% default.series_id %]">
diff --git a/template/en/default/search/search-create-series.html.tmpl b/template/en/default/search/search-create-series.html.tmpl
index 2aa5224c4..468324abd 100644
--- a/template/en/default/search/search-create-series.html.tmpl
+++ b/template/en/default/search/search-create-series.html.tmpl
@@ -54,6 +54,7 @@
 [% PROCESS reports/series.html.tmpl button_name = "Create Data Set" %] <input type="hidden" name="action" value="create">
+ <input type="hidden" name="token" value="[% issue_hash_token(['create-series']) FILTER html %]">
 <script type="text/javascript"> document.chartform.category[0].selected = true; |
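Review bot: In edit-series.html.tmpl the token is computed from `default.id`, while the hidden field just below it and its `[% IF %]` guard read `default.series_id`. If `id` is not defined on this object, or is empty when the guard is false, the hash would in effect cover only `default.name`. The code that validates the token is outside this diff (the diffstat is limited to `template`), so please confirm that the "alter" handler recomputes the hash from the same two values, takes the name from the stored series rather than from the submitted form, and rejects the request before anything is written. The same pairing applies to the `'create-series'` token in search-create-series.html.tmpl. A comment above the input would keep both sides in step, e.g. `[%# token data must match what the "alter" handler passes to the hash-token check %]`; the form continues outside the hunk.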
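Review bot: In search-create-series.html.tmpl the token data is the constant `['create-series']`, so as far as this hunk shows the token is not bound to any particular series or to the submitted field values. That is sufficient to block a cross-site submission, but the limitation is worth recording next to the input, e.g. `[%# constant token data: CSRF guard only, not tied to the series being created %]`. As a style point, the added input sits on one long line while the equivalent input in edit-series.html.tmpl wraps `value=` onto its own line; wrapping it here would keep the two templates consistent.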